last executing test programs: 1m2.477221678s ago: executing program 3 (id=547): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000080)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0, 0xffffffffffffffff}, 0x4) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0x10, &(0x7f0000000740)=@framed={{}, [@snprintf={{0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x8, 0xfe00}, {0x7, 0x0, 0x8}, {}, {0x5}, {0x7, 0x0, 0x2, 0x0}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x49}}]}, &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000900)={r2, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000040)="7638300c000000002f00e9000000", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) 1m2.026509745s ago: executing program 3 (id=550): r0 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=@bridge_delneigh={0x1c, 0x1c, 0x325, 0x70bd27, 0x25dfdbff, {0x7, 0x0, 0x0, 0x0, 0x80, 0x8e, 0x4}}, 0x1c}, 0x1, 0x0, 0x0, 0x448c5}, 0x14) getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000001080)=0x8) 1m1.591364172s ago: executing program 3 (id=554): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) r1 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'vlan0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x48, 0x24, 0xf0b, 0x70bd29, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x18, 0x2, [@TCA_CAKE_BASE_RATE64={0xc, 0x2, 0x3b9aca00f}, @TCA_CAKE_DIFFSERV_MODE={0x8, 0x3, 0x1}]}}]}, 0x48}}, 0x844) 1m1.171966798s ago: executing program 3 (id=557): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='ramfs\x00', 0x2014800, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x204) 1m0.901097953s ago: executing program 3 (id=560): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000500)={0x1, &(0x7f00000004c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0x5, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000f00)='kfree\x00', r0}, 0x18) getdents(0xffffffffffffffff, 0x0, 0x0) 1m0.42050742s ago: executing program 3 (id=561): r0 = syz_mount_image$udf(&(0x7f0000000080), &(0x7f0000000180)='./bus\x00', 0x4040, &(0x7f00000015c0)=ANY=[], 0x2, 0xc2d, &(0x7f00000001c0)="$eJzs3U9sHNd9B/DfGy3FldxWTOwoThoXm7ZIZcVy9S+mYhXuqqbZBpBlIhRzC8AVSakLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBcgoYzOxbcUmRNi2KEmV9Pjb13Z19b+a9eesZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxB+8cun0mfSwWwEAPEhXRr96+qz7PwA8Vq76/38AAAAAAAAAAAAAADjoUhTxZKSYu7KWxqv3HfXL7b5bt8eGhrevdiRVNQ9V5cuf+pmz585/6YXBC9283J75gPr322fjtdGrlxovz96cm59aWJiabIzNtCdmJ6d2vYe91t/qZHUCGjdfvzV5/fpC4+zz5zZ9fHvg/f4njg9cHHz21DPdsmNDw8OjG0XqveVr99yQjp1meByOIk5Fiue+99PUiogi9n4u6g927Lc6UnXiZNWJsaHhqiPT7dbMYvnhSPdEFBGNnkrN7jnafiyi1vdA+7CzZsRS2fyywSfL7o3OteZb16anGiOt+cX2Ynt2ZiR1Wlv2pxFFXEgRyxGx2n/37vqiiFqk+M6xtXQtIg51z8MXq4nBO7ej2Mc+7kLZzkZfxHLxCIzZAdYfRbwaKX72zomYyNeZ6lrzhYhXy/xBxFtlvhSRyi/G+Yj3tvke8WiqRRF/WY7/xbU0WV0PuteVy19rfGXm+mxP2e515SPeH+66Ujyk+8ORLflgHPBrUz2KaFVX/LV077/ZAQAAAAAAAAAAAAAAAOB+OxJFfCZSvPIff1LNK45qXvqxi4N/OPCrvXPGn/6Q/ZRln4+IpWJ3c3IP54mBI2kkpYc8l/hxVo8i/jTP//vWw24MAAAAAAAAAAAAAAAAAADAY62In0SKF989kZajd03x9syNxtXWtenOqrDdtX+7a6avr6+vN1InmznHcy7lXM65knM1ZxS5fs5mzvGcSzmXc67kXM0Zh3L9nM2c4zmXci7nXMm5mjNquX7OZs7xnEs5l3Ou5FzNGQdk7V4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgI+TIor4RaT49jfWUqSIaEaMRydX+h926wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAUn8q4vuRovFHzTvbahGRqn87TpS/nI/m4TI/Gc3BMl+K5qWcrSprzW89hPazN32piB9Hiv7623cGPI9/X+fdna9BvPXNjXefrXXyUPfDgff7nzh+7OLg8G88vdPrtF0DTl5uz9y63RgbGh4e7dlcy0f/ZM+2gXzc4v50nYhYeOPN11vT01Pz9/6i/Arsofoj9CLVHpeeelG9iNqBaMbD6TuPgfL+/16k+N13/7N7w+/c/+vxK513d+7w8fM/27j/v7h1R7u8/9e21sv3//Kevt39/8mebS/m34301SLqizfn+o5H1BfeePNU+2brxtSNqZnzp09/eXDwy+dO9x2OqF9vT0/1vLovpwsAAAAAAAAAAAAAAADgwUlF/H6kaP14LTUi4nY1X2vg4uCzp545FIeq+Vab5m2/Nnr1UuPl2Ztz81MLC1OTjbGZ9sTs5NRuD1evpnuNDQ3vS2c+1JF9bv+R+suzc2/Mt2/88eK2nx+tX7q2sDjfmtj+4zgSRUSzd8vJqsFjQ8NVo6fbrZmq6si2k+k/ur5UxH9FionzjfT5vC3P/986w3/T/P+lrTvap/n/n+jZVh4zpSJ+Hil+56+ejs9X7Twad52zXO7vIsXJC5/L5eJwWa7bhs5zBTozA8uy/xcp/ukXm8t250M+uVH2zK5P7COiHP9jkeL7f/Hd+M28bfPzH7Yf/6Nbd7RP4/9Uz7ajm55XsOeuk8f/VKR46cm347fytg96/kf32RsncuE7z+fYp/H/VM+2gXzc374/XQcAAAAAAAAAAHik9aUi/j5S/HC4ll7I23bz9/8mt+5on/7+16d7tk3en/WKPvTFnk8qAAAAABwQfamIn0SKG4tv35lDvXn+d8/8z9/bmP85lLZ8Wv05369Vzw24n3/+12sgH3d8790GAAAAAAAAAAAAAAAAAACAAyWlIl7I66mPV/P5J3dcT30lUrzyP8/lcul4Wa67DvxA9Wv9yuzMqUvT07MTrcXWtempxuhca2KqrPtUpFj728/lukW1vnp3vfnOGu8ba7HPR4rhf+iW7azF3l2b/KmNsmfKsp+IFP/9j5vLdtex/tRG2bNl2b+JFF//l+3LHt8oe64s+91I8aOvN7plj5Zlu89H/fRG2ecnZot9GBUAAAAAAAAAAAAAAAAAAAAeN32piD+PFP97c/nOXP68/n9fz9vKW9/sWe9/i9vVOv8D1fr/O72+l/X/q+cKLO10VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+HhKUcSbkWLuylpa6S/fd9Qvt2du3R4bGt6+2pFU1TxUlS9/6mfOnjv/pRcGL3Tzg+vfb5+J10avXmq8PHtzbn5qYWFqsjE2056YnZza9R72Wn+rk9UJaNx8/dbk9esLjbPPn9v08e2B9/ufOD5wcfDZU890y44NDQ+P9pSp9d3z0e+Sdth+OIr460jx3Pd+mn7YH1HE3s/Fh3x39tuRqhMnq06MDQ1XHZlut2YWyw9HuieiiGj0VGp2z9EDGIs9aUYslc0vG3yy7N7oXGu+dW16qjHSml9sL7ZnZ0ZSp7VlfxpRxIUUsRwRq/13764ving9Unzn2Fr61/6IQ93z8MUro189fXbndhT72MddKNvZ6ItYLh6BMTvA+qOIf44UP3vnRPxbf0QtOj/xhYhXy/xBxFvRGe9UfjHOR7y3zfeIR1Mtivj/cvwvrqV3+svrQfe6cvlrja/MXJ/tKdu9rjzy94cH6YBfm+pRxI+qK/5a+nf/XQMAAAAAAAAAAAAAAAAcIEX8eqR48d0TqZoffGdOcXvmRuNq69p0Z1pfd+5fd870+vr6eiN1splzPOdSzuWcKzlXc0aR6+dslllfXx/P75dyLudcybmaMw7l+jmbOcdzLuVczrmSczVn1HL9nM2c4zmXci7nXMm5mjMOyNw9AAAAAAAAAAAAAAAAAADg46Wo/knx7W+spfX+zvrS49HJFeuBfuz9MgAA//8hX/ir") r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x90) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$sock_inet_tcp_SIOCINQ(r2, 0x80046c40, 0x0) 59.78188343s ago: executing program 32 (id=561): r0 = syz_mount_image$udf(&(0x7f0000000080), &(0x7f0000000180)='./bus\x00', 0x4040, &(0x7f00000015c0)=ANY=[], 0x2, 0xc2d, &(0x7f00000001c0)="$eJzs3U9sHNd9B/DfGy3FldxWTOwoThoXm7ZIZcVy9S+mYhXuqqbZBpBlIhRzC8AVSakLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBcgoYzOxbcUmRNi2KEmV9Pjb13Z19b+a9eesZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxB+8cun0mfSwWwEAPEhXRr96+qz7PwA8Vq76/38AAAAAAAAAAAAAADjoUhTxZKSYu7KWxqv3HfXL7b5bt8eGhrevdiRVNQ9V5cuf+pmz585/6YXBC9283J75gPr322fjtdGrlxovz96cm59aWJiabIzNtCdmJ6d2vYe91t/qZHUCGjdfvzV5/fpC4+zz5zZ9fHvg/f4njg9cHHz21DPdsmNDw8OjG0XqveVr99yQjp1meByOIk5Fiue+99PUiogi9n4u6g927Lc6UnXiZNWJsaHhqiPT7dbMYvnhSPdEFBGNnkrN7jnafiyi1vdA+7CzZsRS2fyywSfL7o3OteZb16anGiOt+cX2Ynt2ZiR1Wlv2pxFFXEgRyxGx2n/37vqiiFqk+M6xtXQtIg51z8MXq4nBO7ej2Mc+7kLZzkZfxHLxCIzZAdYfRbwaKX72zomYyNeZ6lrzhYhXy/xBxFtlvhSRyi/G+Yj3tvke8WiqRRF/WY7/xbU0WV0PuteVy19rfGXm+mxP2e515SPeH+66Ujyk+8ORLflgHPBrUz2KaFVX/LV077/ZAQAAAAAAAAAAAAAAAOB+OxJFfCZSvPIff1LNK45qXvqxi4N/OPCrvXPGn/6Q/ZRln4+IpWJ3c3IP54mBI2kkpYc8l/hxVo8i/jTP//vWw24MAAAAAAAAAAAAAAAAAADAY62In0SKF989kZajd03x9syNxtXWtenOqrDdtX+7a6avr6+vN1InmznHcy7lXM65knM1ZxS5fs5mzvGcSzmXc67kXM0Zh3L9nM2c4zmXci7nXMm5mjNquX7OZs7xnEs5l3Ou5FzNGQdk7V4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgI+TIor4RaT49jfWUqSIaEaMRydX+h926wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAUn8q4vuRovFHzTvbahGRqn87TpS/nI/m4TI/Gc3BMl+K5qWcrSprzW89hPazN32piB9Hiv7623cGPI9/X+fdna9BvPXNjXefrXXyUPfDgff7nzh+7OLg8G88vdPrtF0DTl5uz9y63RgbGh4e7dlcy0f/ZM+2gXzc4v50nYhYeOPN11vT01Pz9/6i/Arsofoj9CLVHpeeelG9iNqBaMbD6TuPgfL+/16k+N13/7N7w+/c/+vxK513d+7w8fM/27j/v7h1R7u8/9e21sv3//Kevt39/8mebS/m34301SLqizfn+o5H1BfeePNU+2brxtSNqZnzp09/eXDwy+dO9x2OqF9vT0/1vLovpwsAAAAAAAAAAAAAAADgwUlF/H6kaP14LTUi4nY1X2vg4uCzp545FIeq+Vab5m2/Nnr1UuPl2Ztz81MLC1OTjbGZ9sTs5NRuD1evpnuNDQ3vS2c+1JF9bv+R+suzc2/Mt2/88eK2nx+tX7q2sDjfmtj+4zgSRUSzd8vJqsFjQ8NVo6fbrZmq6si2k+k/ur5UxH9FionzjfT5vC3P/986w3/T/P+lrTvap/n/n+jZVh4zpSJ+Hil+56+ejs9X7Twad52zXO7vIsXJC5/L5eJwWa7bhs5zBTozA8uy/xcp/ukXm8t250M+uVH2zK5P7COiHP9jkeL7f/Hd+M28bfPzH7Yf/6Nbd7RP4/9Uz7ajm55XsOeuk8f/VKR46cm347fytg96/kf32RsncuE7z+fYp/H/VM+2gXzc374/XQcAAAAAAAAAAHik9aUi/j5S/HC4ll7I23bz9/8mt+5on/7+16d7tk3en/WKPvTFnk8qAAAAABwQfamIn0SKG4tv35lDvXn+d8/8z9/bmP85lLZ8Wv05369Vzw24n3/+12sgH3d8790GAAAAAAAAAAAAAAAAAACAAyWlIl7I66mPV/P5J3dcT30lUrzyP8/lcul4Wa67DvxA9Wv9yuzMqUvT07MTrcXWtempxuhca2KqrPtUpFj728/lukW1vnp3vfnOGu8ba7HPR4rhf+iW7azF3l2b/KmNsmfKsp+IFP/9j5vLdtex/tRG2bNl2b+JFF//l+3LHt8oe64s+91I8aOvN7plj5Zlu89H/fRG2ecnZot9GBUAAAAAAAAAAAAAAAAAAAAeN32piD+PFP97c/nOXP68/n9fz9vKW9/sWe9/i9vVOv8D1fr/O72+l/X/q+cKLO10VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+HhKUcSbkWLuylpa6S/fd9Qvt2du3R4bGt6+2pFU1TxUlS9/6mfOnjv/pRcGL3Tzg+vfb5+J10avXmq8PHtzbn5qYWFqsjE2056YnZza9R72Wn+rk9UJaNx8/dbk9esLjbPPn9v08e2B9/ufOD5wcfDZU890y44NDQ+P9pSp9d3z0e+Sdth+OIr460jx3Pd+mn7YH1HE3s/Fh3x39tuRqhMnq06MDQ1XHZlut2YWyw9HuieiiGj0VGp2z9EDGIs9aUYslc0vG3yy7N7oXGu+dW16qjHSml9sL7ZnZ0ZSp7VlfxpRxIUUsRwRq/13764ving9Unzn2Fr61/6IQ93z8MUro189fXbndhT72MddKNvZ6ItYLh6BMTvA+qOIf44UP3vnRPxbf0QtOj/xhYhXy/xBxFvRGe9UfjHOR7y3zfeIR1Mtivj/cvwvrqV3+svrQfe6cvlrja/MXJ/tKdu9rjzy94cH6YBfm+pRxI+qK/5a+nf/XQMAAAAAAAAAAAAAAAAcIEX8eqR48d0TqZoffGdOcXvmRuNq69p0Z1pfd+5fd870+vr6eiN1splzPOdSzuWcKzlXc0aR6+dslllfXx/P75dyLudcybmaMw7l+jmbOcdzLuVczrmSczVn1HL9nM2c4zmXci7nXMm5mjMOyNw9AAAAAAAAAAAAAAAAAADg46Wo/knx7W+spfX+zvrS49HJFeuBfuz9MgAA//8hX/ir") r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x90) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$sock_inet_tcp_SIOCINQ(r2, 0x80046c40, 0x0) 36.870520381s ago: executing program 2 (id=744): r0 = openat$mice(0xffffffffffffff9c, &(0x7f0000000000), 0xa082) write$UHID_CREATE(r0, &(0x7f0000000180)={0x0, {'syz1\x00', 'syz0\x00', 'syz1\x00', 0x0, 0x0, 0x9, 0x7f6b, 0x4, 0x7, 0xc}}, 0x120) r1 = epoll_create1(0x80000) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000002c0)={0x2001}) 36.748748643s ago: executing program 2 (id=746): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f0000000200)={[{@grpquota}, {@lazytime}, {@minixdf}, {@barrier}]}, 0x1, 0x503, &(0x7f0000000fc0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSG0EmKPILUhcaModhzFTmlCD+mZKxKVOMGRP4BzT9y5IHrjUg5I/IhADRIHoxlPUje1m6hJ7Gz8+UijeW/e1N/vazrvxS+NXwBD62pE7EbEWETcjojp7HouO+KT9pHc93Tv/tL+3v2lXLRan/0zl7Yn16LjzySuZK9ZjIgffS/ip7kX4za2d9YWq9XKZlafbdY2ZhvbOzdWa4srlZXKerm8ML8w99HND8tn1td3amNZ6atP/rj7rZ8naU1lVzr7cZbaXS8cxkmMRsQPziPYAIxk/RkbdCK8knxEvBkR76bP/3SMpF9NAOAya7WmozXdWQcALrt8ugaWy5eytYCpyOdLpfYa3lsxma/WG83rd+pb68vttbKZKOTvrFYrc9la4UwUckl9Pi0/q5eP1G9GxBsR8cvxibReWqpXlwf5jQ8ADLErR+b//4y3538A4JIrDjoBAKDvzP8AMHzM/wAwfMz/ADB82vP/xKDTAAD6yPt/ABg+5n8AGCo//PTT5GjtZ59/vXx3e2utfvfGcqWxVqptLZWW6psbpZV6fSX9zJ7aca9Xrdc35j+IrXsz395oNGcb2zu3avWt9eat9HO9b1UK6V27fegZANDLG+88epxLZuSPJ9IjOvZyKAw0M+C85QedADAwI4NOABgYu33B8DrFe3zLA3BJdNmi9znFbr8g1Gq1WueXEnDOrn3J+j8Mq471f/8LGIaM9X8YXtb/YXi1WrmT7vkfJ70RALjYrPEDPX7+/2Z2/l32w4GfLB+94+F5ZgUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAX28H+v6VsL/CpyOdLpYjXImImCrk7q9XKXES8HhF/Hi+MJ/X5AecMAJxW/m+5bP+va9PvTz3X9PaVw+JYRPzs15/96t5is7n5p4ix3L/GD643H2bXy/3PHgA43sE8nZ473sg/3bu/dHD0M5+/fzciiu34+3tjsX8YfzRG03MxChEx+e9cVm/LdaxdnMbug4j4Yrf+52IqXQNp73x6NH4S+7W+xs8/Fz+ftrXPyd/FF84gFxg2j5Lx55Nuz18+rqbn7s9/MR2hTi8b/5KXWtpPx8Bn8Q/Gv5Ee49/Vk8b44A/fb5cmXmx7EPHl0YiD2Psd489B/FyP+O+fMP5fvvL2u73aWr+JuBbd43fGmm3WNmYb2zs3VmuLK5WVynq5vDC/MPfRzQ/Ls+ka9Wzv2eAfH19/vVdb0v/JHvGLx/T/6yfs/2//d/vHX3tJ/G++1y1+Pt56SfxkTvzGCeMvTv6+2Kstib/co//Hff2vnzD+k7/uvLBtOAAwOI3tnbXFarWy+TkqPE6+pxl8Ggr9LyT/ZC9AGl0L3+lXrLHo3vSL99rP9JGmVuuVYvUaMc5i1Q24CA4f+oj476CTAQAAAAAAAAAAAAAAuurHbywNuo8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABcXv8PAAD//+a4zis=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x800, 0x174) setuid(0xee01) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) 36.441253637s ago: executing program 2 (id=752): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x1018e58, &(0x7f0000000380)={[{@nodioread_nolock}, {@nobarrier}, {@data_err_ignore}, {@max_batch_time={'max_batch_time', 0x3d, 0x8c9}}, {@nodiscard}, {}, {@i_version}]}, 0x6, 0x5fc, &(0x7f0000000600)="$eJzs3c9rHGUfAPDvzCZ5kzavaUXEFsWAhxakaVKLVS+29WAPBQv2IOKhoUlq6PYHTQq2FkzBg4KCiFeRXvwHvEvv3kRQb56FKlJRUOnK7M62m2Q3XdPsTpr5fGCzz/PM7D7PdydP5pmZPDsBlNZ49iON2BVx51QSMdaybDQaC8fz9W7/du109kiiVnv91ySSvKy5fpI/b88zwxHx7dGIRyur6124cvXsdLXW8F7E/sVzF/cvXLm6b/7c9JnZM7Pnpw68cPDQ5ItTB6c2JM7t+fOx4689+fH7bz8/9111XxKH4+TguzOxIo6NMh7jcScPsbV8ICIOZYk2n8vDZguEUGqV/PdxMCIej7Go1HMNYzH/UaGNA3qqVomoASWV6P9QUs1xQPPYvrvj4JM9HpX0z60jjQOg1fEPNM6NxHD92Gjb7aTlyKhxbmPHBtSf1fHPtd2fZ49Ydh7iz7tbZ2AD6ulk6XpEPNEu/qTeth31SLP402XtSCJiMiKG8va98gBtSFrSvTgPs5b1xp9GxOH8OSs/us76x1fk+x0/AOV080i+I1/Kcvf2f9nYozn+iTbjn9E2+671KHr/13n819zfD9fPkacrxmHZmOVE+7ccXFnw04fHPu1Uf+v4L3tk9TfHgv1w63rE7hXxf5AFm49/sviTNts/W+XU4e7qePX7X451WlZ0/LUbEXvaHv/cG5VmqTWuT+6fm6/OTjZ+tq3j62/e+rJT/UXHn23/bR3ib9n+6crXZZ/JxS7r+OrEjXOdlo3eN/7056Gkcbw5lJe8M724eGkqYig5nq/SUn5g7bY012m+Rxb/3mfa9/9lv//Xl7/PSPNPZhcuvnH2dqdl69n+LReT79S6bEMnWfwz99/+q/p/VvZJl3X88eblpzotWyv+kQcJDAAAAAAAAEoorV+DTdKJu+k0nZhozJd9LLal1QsLi8/OXbh8fiZib/3/IQfT5pXusUY+yfJT+f/DNvMHVuSfi4idEfFZZaSenzh9oTpTdPAAAAAAAAAAAAAAAAAAAACwSWzP5/8371P9e6Ux/x8oiV7eYA7Y3PR/KK96/191iyegDOz/obz0fygv/R/KS/+H8tL/obz0fygv/R/KS/8HAAAAgC1p59M3f0wiYumlkfojM5QvMyMItrbBohsAFKZSdAOAwty99G+wD6XT1fj/r/zLAXvfHKAASbvC+uCgtnbnv9n2lQAAAAAAAAAAAABAD+zZ1Xn+v7nBsLWZ9gfl9QDz/311ADzkfPU/lJdjfOB+s/iHOy0w/x8AAAAAAAAAAAAA+ma0/kjSiXwu8Gik6cRExP8jYkcMJnPz1dnJiHgkIn6oDP4vy08V3WgAAAAAAAAAAAAAAAAAAADYYhauXD07Xa3OXmpN/L2qZGsnmndB7UNdL8d/fFUk/f9YRiKi8I3Ss8RAS0kSsZRt+U3RsEsLsTmaUU8U/IcJAAAAAAAAAAAAAAAAAABKqGXucXu7v+hziwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg/+7d/793iaJjBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeTv8GAAD//7V5QCw=") unshare(0x2040400) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) open_by_handle_at(r0, &(0x7f0000000240)=@reiserfs_2={0x8, 0x2, {0xc, 0x8fd344c1}}, 0x0) 35.772528108s ago: executing program 2 (id=758): syz_mount_image$ext4(&(0x7f00000007c0)='ext4\x00', &(0x7f00000006c0)='./file1\x00', 0x40, &(0x7f00000000c0)={[{@user_xattr}, {@nodioread_nolock}]}, 0x1, 0x576, &(0x7f0000000140)="$eJzs3T1sG2UfAPD/neO3X3nf9JXeVwLUoQKkIlV1kn5AYWpXRKVKHZBYIHLcqIoTV7EDTZQh3StEBwSoS9lgYAQxMCAWRlYWEDNSRSOQmg5g5K80TZzglDouud9POvuee87+P8+d/499pzs5gMw62nhII56OiItJxMi6uqFoVx5trbe6slS8v7JUTKJev/RLEklE3FtZKnbWT9rPhyJiOSKeiohv8hHH081xqwuL0xPlcmmuXR6tzVwdrS4snrgyMzFVmirNnnrp5TNnT58ZPzm+/mX36+tL+Z319caPN9+98d2rt29++tmR5eL7E0mci+F23fp+PE6tbZKPcxuWn+5HsAFKBt0AHkmuneeNVPp/jESunfXd1Ed2tWlAn9X3RdSBjErkP2RU53dA4/i3M+3m748751sHII24q+2pVTPUOjcR+5vHJgd/TR46Mmkcbx7ezYayJy1fj4ixoaHNn/+k/fl7dGOPo4H01dfnWztq8/5P18af6DL+DHfOnf5NnfFvddP49yB+bovx72KPMX5/46ePtox/PeKZrvGTtfhJl/hpRLzVY/xbr395dqu6+scRx6J7/I5k+/PDo5evlEtjrceuMb46duSV7fp/cIv4rXO2+5tfM922f5fT2l198e3nzy5vE/+F57bf/922/4GIeK/H+P+998lrW9XduZ7cbfwK2On+TyIft3uM/+K5oz/0uCoAAAAAAAAAALADafNatiQtrM2naaHQuof3f3EwLVeqteOXK/Ozk61r3g5HPu1caTXSKieN8nj7etxO+eSG8qlcO2DuQLNcKFbKkwPuOwAAAAAAAAAAAAAAAAAAADwpDm24//+3XPP+/41/Vw3sVVv/5Tew18l/yK6H8z8ZWDuA3ef7HzKrLv8hu+Q/ZJf8h+yS/5Bd8h+yS/5Ddsl/AAAAAAAAAAAAAAAAAAAAAAAAAADoi4sXLjSm+v2VpWKjPDm0MD9defvEZKk6XZiZLxaKlbmrhalKZapcKhQrM3/1fkmlcnUsZuevjdZK1dpodWHxzZnK/GznP0VL+b73CAAAAAAAAAAAAAAAAAAAAP55hptTkhYiIm3Op2mhEPHviDicRHL5Srk0FhH/iYjvc/l9jfL4oBsNAAAAAAAAAAAAAAAAAAAAe0x1YXF6olwuzWVkZmgnK0fE8uNtRuMdd/yqfHtfPSnb0EwWZgY8MAEAAAAAAAAAAAAAAAAAQAY9uOm311f80d8GAQAAAAAAAAAAAAAAAAAAQCalPycR0ZiOjTw/vLH2X8lqrvkcEe/cuvTBtYlabW68sfzu2vLah+3lJwfRfqBXnTzt5DEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwQHVhcXqiXC7N9XFm0H0EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeBR/BgAA///eANcP") mount(&(0x7f0000000080)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000f80)='./file1\x00', 0x0, 0x1000, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x8442, 0x5c) ioctl$FS_IOC_RESVSP(r0, 0x40305839, 0x0) 35.502398262s ago: executing program 2 (id=760): r0 = fsopen(&(0x7f0000000800)='nfsd\x00', 0x1) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0) 34.076639524s ago: executing program 2 (id=768): r0 = socket$l2tp(0x2, 0x2, 0x73) bind$l2tp(r0, &(0x7f00000000c0), 0x10) sendto$l2tp(r0, &(0x7f0000000040)="e5786a0d000000000000c83b", 0x5d, 0x0, &(0x7f0000000100)={0x2, 0x0, @loopback}, 0x10) recvfrom$l2tp(r0, 0x0, 0x5d, 0x0, 0x0, 0x0) 33.550396493s ago: executing program 33 (id=768): r0 = socket$l2tp(0x2, 0x2, 0x73) bind$l2tp(r0, &(0x7f00000000c0), 0x10) sendto$l2tp(r0, &(0x7f0000000040)="e5786a0d000000000000c83b", 0x5d, 0x0, &(0x7f0000000100)={0x2, 0x0, @loopback}, 0x10) recvfrom$l2tp(r0, 0x0, 0x5d, 0x0, 0x0, 0x0) 3.458265976s ago: executing program 0 (id=1050): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendmmsg$inet6(r0, &(0x7f0000002680)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}}, 0x1c, &(0x7f0000000300)=[{&(0x7f0000000340)="18", 0x1}], 0x1}}, {{&(0x7f0000000140)={0xa, 0x4e20, 0x0, @private0, 0x80000001}, 0x1c, &(0x7f0000000800)=[{&(0x7f0000000180)="ed", 0x1}], 0x1}}], 0x2, 0x0) shutdown(r0, 0x1) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f0000000040)={0x0, 0x6, 0x2, "59c3"}, 0xa) 3.330119168s ago: executing program 0 (id=1052): r0 = syz_io_uring_setup(0x416f, &(0x7f0000000780)={0x0, 0xfffffffd, 0x10100, 0x200, 0x1}, &(0x7f0000000100)=0x0, &(0x7f00000000c0)=0x0) syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00') syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r0, 0x567, 0x1000a387, 0x0, 0x0, 0x0) 3.18807089s ago: executing program 0 (id=1055): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=@ipv6_newrule={0x4c, 0x20, 0x1, 0x70bd27, 0x0, {0xa, 0x0, 0x20, 0x40, 0x0, 0x0, 0x0, 0x7}, [@FIB_RULE_POLICY=@FRA_OIFNAME={0x14, 0x11, 'veth0_to_bridge\x00'}, @FIB_RULE_POLICY=@FRA_FWMARK={0x8, 0xa, 0x5}, @FRA_SRC={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x17}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x24040804}, 0x0) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='\\\x00\x00\x00!'], 0x5c}}, 0x40084) 3.110774341s ago: executing program 0 (id=1056): socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00) sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) getsockopt$TIPC_DEST_DROPPABLE(r0, 0x10f, 0x81, &(0x7f0000000180), &(0x7f00000001c0)=0x4) 2.289244854s ago: executing program 5 (id=1059): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@newtaction={0xf4, 0x30, 0x300, 0x71bd22, 0x25dfdbff, {}, [{0xe0, 0x1, [@m_csum={0x64, 0x19, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0xe215, 0x7fffffff, 0x5, 0x7, 0xd}, 0x70}}]}, {0x19, 0x6, "368532db9b5148f0994d7ac80bedb31a6102c819bc"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}, @m_ct={0x78, 0x18, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x2, 0x9, 0x6, 0x8000, 0xf8d}}]}, {0x35, 0x6, "77b227832b90d1ff89f7a47093e4fcd6469c1b0a38a78e003c28c0247261b6866b44c2243e65a09e57be964fc0687b627b"}, {0xc}, {0xc, 0x8, {0x3, 0x2}}}}]}]}, 0xf4}, 0x1, 0x0, 0x0, 0x4000810}, 0x20040850) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x334}, {&(0x7f00000007c0)=""/154, 0x2c}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) 2.102984297s ago: executing program 5 (id=1061): write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x7, 0x4, 0x6, 0xfffa}, 0x3d, [0x6, 0xc95a, 0xfffffff3, 0x8, 0x80, 0x2, 0x1, 0x7f, 0x6, 0x4d, 0xfffffff2, 0x5f, 0xa, 0x0, 0xffff2d37, 0x1dd2, 0x6, 0x7, 0x0, 0x80000001, 0x7, 0x7, 0x3, 0x3c5b, 0x5, 0x24, 0x0, 0xfffffffe, 0x1f461e2c, 0x3, 0xe661, 0x4, 0x1000007, 0x3, 0x8001, 0x4c74, 0x8f00, 0x642, 0x9, 0xfffffffe, 0x0, 0x71, 0x7, 0x7, 0x103, 0x0, 0x5, 0x3, 0x8f, 0x6, 0x4, 0x4, 0x5, 0x4, 0x5, 0x0, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x10002, 0x12b, 0x8000, 0x10, 0xfffffff3, 0x129432e6, 0x3, 0xf9, 0xd, 0x2bf, 0x6c9, 0x1ff, 0xfffffffe, 0x3, 0x0, 0x7, 0x10000005, 0x2f, 0xe, 0x313, 0x8000078, 0xea4, 0xa, 0x4, 0x4, 0x7d, 0x5, 0x400, 0x1, 0x6, 0x400001, 0xff, 0x1005, 0x7ff, 0x5f31, 0x4, 0xffffffff, 0x6, 0x1000004, 0x8000009, 0x4, 0x9, 0x8, 0x9, 0x7, 0x5, 0x0, 0x3, 0x8000, 0xffff, 0x2, 0x7f, 0x9, 0x40008, 0x5, 0x3, 0x1, 0x7, 0x6, 0x9, 0x48c93690, 0x2, 0xff], [0x7, 0x1, 0x0, 0x64e, 0x0, 0x7fffffff, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x9, 0x86, 0x45056a1f, 0x10000009, 0x3e7, 0xb, 0x5, 0x2, 0x40002, 0xf, 0x8, 0x84, 0x6d01, 0x9, 0x3b, 0x3, 0x200, 0x80, 0x3, 0x4, 0x2, 0x0, 0xa2, 0x7, 0x53cf697b, 0x5, 0x2, 0x54fe12da, 0xbf, 0x5, 0x3, 0x7f, 0xfffffff9, 0x0, 0x1, 0x5, 0x0, 0x6, 0xfffffffb, 0x120000, 0x3, 0x6, 0x9, 0x4, 0x3], [0x1000, 0xbb31, 0x3, 0xfffffffc, 0x5, 0x938, 0x6, 0x6, 0x51bf, 0x5, 0xce7, 0x1ff, 0x6, 0x7, 0x5, 0x3, 0x104, 0x80000000, 0x6, 0x7fff, 0x8ffff, 0xa620, 0x2, 0x5, 0x1, 0x2, 0x8000014c, 0x60a7, 0x6, 0x2, 0xffffffff, 0x3, 0x5, 0x8, 0xff, 0x3, 0x3, 0xffff, 0x3, 0x8, 0x100, 0x9602, 0xa, 0x2, 0x0, 0x6, 0x1, 0x10000, 0x5, 0x8, 0x2b91, 0xa1f, 0x8, 0x29, 0x1, 0x6c0b, 0x0, 0x2, 0x5, 0xb1c, 0x1, 0x200, 0xfff, 0xfff]}, 0x45c) r0 = socket(0x10, 0x3, 0x0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="400000001000030429bd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="01000000000000001800128008000100707070000c00028008000100", @ANYRES32=r1, @ANYBLOB="08001f"], 0x40}}, 0x0) 1.864247671s ago: executing program 0 (id=1062): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x56a, 0x331, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x80, 0x0, [{{0x9, 0x4, 0x0, 0x2, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x4f8}}, {{{0x9, 0x5, 0x81, 0x3, 0x40, 0x4}}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_connect$cdc_ncm(0x6, 0x0, 0x0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x2, [{0x16, &(0x7f0000000240)=@string={0x16, 0x3, "713ff3239b1074418a1ca4a040a4bddaa4a75de3"}}, {0x1b, &(0x7f0000000300)=@string={0x1b, 0x3, "27062ea7878b572876e746150d4d74914ca67cca09c98e4d63"}}]}) syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0) 1.636700545s ago: executing program 5 (id=1063): syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000000100), 0x2, 0x500, &(0x7f0000000500)="$eJzs3U9sI1cZAPBvJn/sTdMmhR4AFbqUwoJWayfeNqp6oZwqhCoheuSwDYkTRbHjKHZKE/aQPXJHohInOHHmgMQBqSfuSBzgxqUckAqsQA0SByOP7V3njzfWbmzvxr+fNJo38+L53tvRvGd91s4LYGJdj4ijiJiNiPcjYqFzPuls8XZ7a/3dZ/fvrh3fv7uWRLP53j+TrL51Lno+0/Jc55r5iPjBOxE/Sk4F/VNE/eBwe7VSKe91ThUb1d1i/eDw1lZ1dbO8Wd4plVaWV5bevP1G6dL6+kr1N59ei4jf/+7Ln/zx6Fs/aTVrvlPX24/L1O76zIM4LdMR8b1hBBuDqU5/Zh/nw4/1IS5TGhGfi4hXs+d/Iaayu3nSydv07RG2DgAYhmZzIZoLvccAwFWXZjmwJC10cgHzkaaFQjuH91LMpZVavXFzo7a/s97OlS3GTLqxVSkvdXKFizGTbGxNl5ezcve4Ui6dOr4dES9GxM9y17Ljwlqtsj7OLz4AMMGeOzX//yfXnv8BgCsu/7CYG2c7AIDRyY+7AQDAyJn/AWDymP8BYPKY/wFg8pj/AWDymP8BYKJ8/913W1vzuPP+6/UPDva3ax/cWi/XtwvV/bXCWm1vt7BZq21m7+ypXnS9Sq22u/x67H9YbJTrjWL94PBOtba/07iTvdf7TnlmJL0CAB7lxVc+/ksSEUdvXcu26Hnf/4Vz9cvDbh0wTOm4GwCMzdS4GwCMzdnVvoBJIR8P9CzRe6/ndP5M4bSPBrp8at1QePrc+OIT5P+BZ5r8P0yux8v/+y4PV4H8P0yuZjOx5j8ATBg5fiC5oL739/+lZs/BYL//AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJU0n21JWuisBT4faVooRDwfEYsxk2xsVcpLEfFCRPw5N5NrHS9HhHWDAOBZlv496az/dWPhtfnTtbO5/+ayfUT8+Bfv/fzD1UZjbzliNvnXg/ONjzrnS+NoPwBwke483Z3Huz67f3etu42yPZ9+p724aCvucWdr10zHdLbPZ7mGuX8nneO21veVqUuIf3QvIr5wXv+TLDey2Fn59HT8VuznRxo/PRE/zera+9a/xecvoS0waT5ujT9vn/f8pXE925///OezEerJdce/4zPjX/pg/JvqM/5dHzTG63/47pmTzYV23b2IL01HHHcv3jP+dOMnfeK/NmD8v778lVf71TV/GXEjzut/ciJWsVHdLdYPDm9tVVc3y5vlnVJpZXll6c3bb5SKWY662M1Un/WPt26+0C9+q/9zfeLnL+j/1wfs/6/+9/4Pv/qI+N/82vn3/6VHxG/Nid8YMP7q3G/z/epa8df79P+i+39zwPif/O1wfcA/BQBGoH5wuL1aqZT3hl1Ihx8iKyQRRyPoTruQ+/VP3xlVrCEW4ulohsLTVBj3yAQM28OHftwtAQAAAAAAAAAAAAAA+hnFfycadx8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4uv4fAAD//5iA1Hs=") setxattr$trusted_overlay_upper(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), &(0x7f0000002700)=ANY=[], 0x1015, 0x0) sync() lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000440)=@known='trusted.overlay.upper\x00', 0x0, 0x4000) 1.245478461s ago: executing program 5 (id=1066): timer_create(0x2, 0x0, &(0x7f0000bbdffc)=0x0) timer_settime(r0, 0x0, &(0x7f00000000c0)={{}, {0x77359400}}, 0x0) clock_nanosleep(0x2, 0x0, &(0x7f0000000040)={0x0, 0x989680}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) 1.180949052s ago: executing program 4 (id=1067): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000007000000060000000c"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000500000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r1}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0xe, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) 1.070348273s ago: executing program 4 (id=1069): r0 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='bridge_slave_0\x00', 0x10) connect$inet(r0, &(0x7f0000000540)={0x2, 0x4e60, @private=0xa010101}, 0x10) sendmmsg$inet(r0, &(0x7f0000004000)=[{{0x0, 0x0, 0x0}, 0xfffffdef}, {{0x0, 0x0, &(0x7f0000001980)=[{&(0x7f0000000580)="e10d6faecce8f54b6d815d634383dab54e45b7bd961ce6bdfedc50b4ccdda2649e9863f5b7b32610ffff9a84", 0x2c}, {0x0}, {&(0x7f00000007c0)="eb1429c5c9c365b16855e3f73a58a260ef8babba5b699fe0e2c5dd6fbc62563223bf72919f7c3395adb6f5d25bc32c699283397b5d5c06ab9f385c2f39b1d82985b8db0a2243067a30ada2c43d4318d0511fa86421f9124f2a818adbb3c951925941e1764877a950a1ae7e730f8d00b9790d65380b1b281f46d1e62dedecdd66858edbb102e8b156b3aff1", 0x8b}, {&(0x7f00000005c0)="8c844f6c9bf3d08e6320e978596cc1028a3545abc3e190309f13cbd6df9abda472ca015381", 0x25}, {&(0x7f0000000880)="e75f03923c841e37be329cd577de787ed690c51d47bd2b5ec424d4b3263b965a95e7076bcb6eb77a0e224e8df139e80d0429fad913c913c8612a3cba4d54c05fee03d56d37722f8dee56fed32aea79d8fce2ec8373b01f218e048701d761071c963204f5959959e32402d259e6c508368e745eea208ecec447febc425661fe4798c3b6025d556fcb857d8e2e023c033ae3c5bf0e65151d4aa603572ed854bc294b1ae864f11317a2b9eec5ac6b39bfa4a7a1b2749c9650088fb09b7dbb1e6049909536192e6a35ee5b5696ce6e17cae5a418701c0edcbb8b14a88e224ac2c3fbf768", 0xfffffffffffffea1}, {&(0x7f0000000980)="079af4fd3884e81cfce57e4dbbdc477751cfec0241dfc84e2f7c637fa3bc3d22420a2ef70b355026e2e7f98838c113bc60679213dafa27654eb16dc4ab3f9f212d7a7a8359897ff2156c511090435456702cf1314dbba0f65138ffcb652896936a7b79199b553413f6deb769ef8c70ba98198bfd28fce8e350550349f8c9cf395a94df0a1a636c7d2942d7344c2cb6e8a68cc767398d21defb00e072c7109d1d28c1b2c791a1bff9b8a6a8ec37810a906a046b04e957faa5119b2cdd6fdea945d6911780f3a11822dbb36fcc5c2b6cb903a87a7166c7a25f8489678fe358f9a73ab2700e0e5a9b94df3d4b2cec8a2e6258eed9cf4acb73d1904351cd4c488e93b49a61692c6c05ca762816986f3614ceb159ba9d62597dfb6b266709286fa6990aaa10cd788957729fd02be2f3b24a3ddbbc18932f1650784628b8e0b525aef123e5f56ec5dde3d8bc02605eab5f652ba67ce616772a17e312ffe4aa7c5246de8bb5d8b412ddec400a1c0fde6522cc085e6bcffb43b1381c73f971f4ee0dc32eec34ee03dba07bbe7416734a062327945e2e480545b0be016430ada2a304a7c50af51ab9a1229a2507f5daf41cdbd9fe48647bff1b5201aefd8e14e05e670ef9e768d896ee632ff687fe1fa08d8e00384a5d92efe1fbbeae54dfa90465b50f90bbd50160366ffe31d4e273881db11c40a5f6f5c76f0ca134579540a9825b55b3dfe71cdb0b4e0556965052b7e2699234960bc839bee99551e55e8c07ac86d9cebc760525d721fd249c1d9a03a07978354aa528cbecd9d3e707d6ea594c29a1a593718b86aaf9fcf591b745c6bd70b0c39ab107403089d9da41b2ad5a2f61406cc59b7a1e9a5f4613c9914ca087c3c997ae77b81994db2c1bbc6d9cb29ba2450f138c62da3093d81a036d82a9b502ca24957f47c9fd0206ca6fe1db1e8aa545550ed9b2a28fc5a2d46db6403de5f85a17f2fb2767744118eb5d06c03f1dd26e437ac17d17554f66f78db4f8036cce21a61373650193d746804c8a4717695dc85acd2968ac524d78e8f12b14f6311c9eb61c833d3bed584df931b5553b98bbcf440257bd87692f065adaff82782a8cecc0b84aeb063306f317f2c22dc1968caf68c6ae8cbcdbd60b7105552be9339840dc7637e86bed798182ae04ac7e5b9920b2e8bab33626876db2255302d6e37a8bf9936d41d5511eca8c39e384920e4b04655dfb1b34ac36534f02574b1d914430f1c67f39dc78185ab23a309a75102d5cd342bf4531a3eb4dcbece74f8f64e5e020", 0x390}], 0x6, &(0x7f0000000080)=[@ip_tos_u8={{0x11, 0x0, 0x1, 0x13}}, @ip_ttl={{0x14, 0x0, 0x2, 0x2}}], 0x30}}], 0x2, 0x401eb94) 974.465345ms ago: executing program 4 (id=1071): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000012c0), r1) sendmsg$NLBL_MGMT_C_REMOVE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x14, r2, 0x1, 0x70bd2a, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x8800}, 0x40000) 857.592797ms ago: executing program 4 (id=1072): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x100, 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@dfltuid}]}}) 847.617057ms ago: executing program 1 (id=1073): bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="120000000700000008000000222000000000", @ANYRES32], 0x50) syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaabb000800103afffe80"], 0x0) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8b04, &(0x7f0000000000)={'wlan0\x00'}) 762.180489ms ago: executing program 1 (id=1074): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), r0) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000080)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_SET_SEC_PARAMS(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)={0x24, r1, 0x93da7d9f096fa291, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_SEC_OUT_LEVEL={0x8, 0x2a, 0x6}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r2}]}, 0x24}, 0x1, 0x0, 0x0, 0x24000040}, 0x4000810) 682.22651ms ago: executing program 4 (id=1075): syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file3\x00', 0xcc0, &(0x7f00000001c0)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6865617274626561743d6e6f6e652c636f686572656e63793d66756c6c2c636f686572656e63793d66756c6c2c636f686572656e63793d62756666657265642c6572726f72733d636f6e74696e75652c757365725f78617474722c626172726965723d30303030303030303030303030303032363131352c6469725f726573765f6c6576656c3d30303030303030303030303030303030303030362c696e74722c6a6f75726e616c5f6173796e635f636f6d6d69742c00535d4e036013ec9e6e7ecdee3849b40884b95e94f35cec9600cd19beb0"], 0x1, 0x442a, &(0x7f0000004480)="$eJzs3c9PHGUfAPBnBvoW+rZ9oW8PfZM3cRObaNQQ6EmliZTSUmixptrGeNkusG3RhW1gMR56wFsTTyYejIdGE2+cGg5e65/gxWM9N9GDFxOTRszuzgIz7IaVsGDr53NgmOc3+5159pnD8MSJyp25pdzcUq6wkCvP3Fo6k/u4XFqeL4Z4nzTt/9D+9U97OnGdHPS190929fzFd2+cCeH72R+frK+vr4eq7tDU0Jbff/v13szWY0OcqVNtt3lre+WDEMLJbeOq6gohvP9dCFEI4VySNpoce0MIx0I978a9z27m9mg0Dx8Xz+afTt1fGz49ufpgrfXfHoXwVel/r92e//nFruGfXtmj7gEAAAAAAAAAAAAAAAAAeMaNX7t6/Z3BofAoCt2r0fb3dceTY6v3Y9f3zAud/2MBAAAAAAAAAAAAAAAAAADgb2rz/f9cdKLJ+/9jyXGkRf31tzo/Rjpn4u2rYxcGh5L936Nt+a8nSb+c6wr9TfZ9z+7/fi5Tv/n+79v72a3G+Br99oUoHkidx/HAQAjfJBu/n4qOxKXyUuXVW+Xlhdk9G8YzKx3/+u79qegkG/q3G//RTPud3///v9uupur5zb27xJ5r6fh3tSz37adRW/E/n6m3H/Fn99Lx766l9W4tMFKfAKrx/7x75/iPZdrvVPyPhxByUXWsudQMUF3DVNNbrVdIS8f/UC0tNXUmH2Sr+//3TPwvZNo/qPl/JftFRFPp+P+rltaTKrF5//fHO9//FzPtH0T8q+Nf8f3flnT8D9cTu1NFap9ku/P/eKb9TsX/epyM83iUugJWo3p6q/9XR1o6/j3b8jef/+K21n+XMvX36/mv0W/j+a8x/b8c1Z//aC4d/96W5dq9/ycy9To9/4/U1n/sVjr+R2pp6bVzX+1nu/GfzLTfqfjXViU9jfhvzid/HK6nf23915Z0/P9dT4y3llip/ayt/6Kd1/+XM+0fxPqvOv6VuLO9Pi/S8T/aslw1/j+08f1/JVOv8/EPYdBaf9fS8T/Wslzt/u/ZOf5TmXqdjv9LnWwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Bkwmhz7QhQPpM7jeGAghPPJ+alwJJouzOanS+WZj5ZCGEvSc+FEdLtUni6U8nML5dlivlAqlWdCuJDknww90VKpXMnPF+5e3GirN7pTLCxWpouFSghhPEn/fzjWaGt6rjJfuBtCuLSR95+4vHj3TmEhPzu3+Obg4OBgmNgYQ39U/KRSXKjUe6/nhjC5Ubcv2jK4WvbljbEcjT4sLy8uFEq19Ctb6pTKM4XSljpTSd4XoT+qLC4vzBQqxXypfLvR30EaSY5jE9feu3ZlaFv+zah+HN3fYQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwFz0afuPLEEJ3/SwOIYw0fomalX/4uHg2/3Tq/trw6cnVB2tPWpUDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+JMdOBAAAAAAAPJ/bYSqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoq7NIxSgNBFAbgN2Ohdh7DatntbFcU0cIVwRPoMTyMHsVLeIcUKdKmCIFkFsJmF7ZJqu9rHszPzHswDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHme3ruPt7qJSHG1uYz4+/pfHOYvpf7cj9+/OMOMnM7za/fwWDfl39NRfleOlm3epevV92eM1N7vYE+G+7TX97menGtq36bm6/veRMpVRLQlv005V9W8twAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgyw4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRV24FgAAAAAQJi/dRR9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPArAAD///4CHxA=") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) fallocate(r0, 0x0, 0x7351, 0x8001) ioctl$FITRIM(r0, 0x40406f06, &(0x7f00000000c0)={0x86, 0x7e4000, 0x20}) 667.32487ms ago: executing program 1 (id=1076): r0 = socket$can_bcm(0x1d, 0x2, 0x2) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', 0x0}) connect$can_bcm(r0, &(0x7f0000000000)={0x1d, r2}, 0x10) 588.971241ms ago: executing program 1 (id=1077): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000580)={'wpan1\x00', 0x0}) sendmsg$NL802154_CMD_SET_CHANNEL(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f00000005c0)={0x24, r1, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_PAGE={0x5, 0x7, 0x2}]}, 0x24}}, 0x0) 452.524603ms ago: executing program 1 (id=1078): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x12, 0xf, 0x4, 0x2}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000004c0)={{r1}, &(0x7f0000000440), &(0x7f0000000480)=r0}, 0x20) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000003c0)={r1, &(0x7f0000000340)="2f20b711c02a", &(0x7f0000000180)=""/14}, 0x20) 394.310444ms ago: executing program 1 (id=1079): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x4000) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x9, 0x6, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x4000000ffb, 0x8) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0xa, 0x2) 258.863766ms ago: executing program 5 (id=1080): sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="64000000000101"], 0x64}}, 0x0) r0 = socket$inet6(0xa, 0x3, 0x3c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0xff}, 0x5}, 0x1c) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000100)="88", 0xfdef}], 0x1) 68.377729ms ago: executing program 5 (id=1081): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a40)=@newtaction={0x434, 0x30, 0x300, 0x71bd22, 0x25dfdbff, {}, [{0x4}, {0x41c, 0x1, [@m_bpf={0x9c, 0x6, 0x0, 0x0, {{0x8}, {0x18, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x6}, @TCA_ACT_BPF_NAME={0xc, 0x6, './file0\x00'}]}, {0x5d, 0x6, "bfb48d1c9cbd39c403490f71e7c26903a2429639badf09f7f1460a1a37776d69ba43d012403ff817b805f05e15fda7d5abfefd6f88a71220a3dc2a6660c265b59ed90ce6980eda6d48215f2ed37602646c6855209b52b2022e"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x3}}}}, @m_csum={0x124, 0x10, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x9, 0x6, 0x4, 0x6}, 0x32}}]}, {0xd9, 0x6, "51faf7335320ed7b354230acb137694145a70ec11e2f79535356bbabe75c1cf43e9599937f1222c821355d08c9296f647da3cee86f1d1307ada4d0439b9958f20eb60a1d09a36a8e8fe2b40dee67235407cc32d0443c90f719783f20e6af042b71dbe4822e96811047bc3dc33abb68997d8c395fcfde396685e34c9745023c01b8034c2a377139cd8f089779ee6e63205ae08445df2b7bc020bf93d087ce5855407ce1b50c7b8c9863ecdc8c8c115836bfc1cca102463d7fbd85dfbc9582fff4b7a15f5512df23731e9dd64cc418f9d0d8411afd63"}, {0xc}, {0xc, 0x8, {0x3, 0x2}}}}, @m_csum={0x134, 0x19, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0xe215, 0x7fffffff, 0x5, 0x7, 0xd}, 0x70}}]}, {0xe9, 0x6, "f0b8bf92cf8611111a0ff27fcc8825ca405600cfd0f6876d2892df6b5723118bb7d9d86de0a2706031cc8c62f7d1b04f3a9ed11665c75023f87c16ce970413ede5e5f6782d0d17be877ac54c09075ed841c7daeddf3395a210eab4335ed3bcb36fe1598dc94259da01363ad59d8dc384cb8fe469869c99849bd0d19e999b2e8f62d563a2dcea91347cdc754302a566d6d8b7de1368972acbf9cfbdc3db5b71ceed91d4e9613e9cbf5e1ca71f3bf3b25cdf1ce11e5843ff89da11b01cf0b27474847e4fd8e648244e0dc6b3b99b8089d418ec3d6d27aa68b96ef236cc10ce12fb9c2fcd2426"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}, @m_ct={0x124, 0x1b, 0x0, 0x0, {{0x7}, {0x48, 0x2, 0x0, 0x1, [@TCA_CT_MARK={0x8, 0x5, 0x7}, @TCA_CT_PARMS={0x18, 0x1, {0x2, 0x9, 0x6, 0x8000, 0xf8d}}, @TCA_CT_LABELS_MASK={0x14, 0x8, "a347c6f48aa43e01851034300e41aae2"}, @TCA_CT_MARK_MASK={0x8, 0x6, 0x2b}, @TCA_CT_NAT_PORT_MIN={0x6, 0xd, 0x4e20}]}, {0xb5, 0x6, "77b227832b90d1ff89f7a47093e4fcd6469c1b0a38a78e003c28c0247261b6866b44c2243e65a09e57be964fc0687b627bbda1f8bb6cacd9cf613adc84e00b323e932cbec11bfdac677d727e7547301900bdc7e317fc3b634794c43c0613b919323039d6099d9f9f41e0f9da2176ba0bb6dd198d0c2f84f876aceee9a631a5585232049c053fd7bbe1393ecb0aa735b3b1d360493f2ae18bbe6abade7594754d54413afc4df70a136895bf22a05abef0e8"}, {0xc}, {0xc, 0x8, {0x3, 0x2}}}}]}]}, 0x434}, 0x1, 0x0, 0x0, 0x4000810}, 0x20040850) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x334}, {&(0x7f00000007c0)=""/154, 0x2c}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) 55.212309ms ago: executing program 0 (id=1082): r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_WAIT_VBLANK(r1, 0xc018643a, &(0x7f00000000c0)={0x4000001, 0x71, 0x200000009}) close_range(r0, 0xffffffffffffffff, 0x0) 0s ago: executing program 4 (id=1083): r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) fcntl$notify(r0, 0x402, 0x8000001f) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) fallocate(r1, 0x3, 0x0, 0x404042bbe) kernel console output (not intermixed with test programs): 1-1: config 128 has an invalid interface number: 127 but max is 3 [ 119.530063][ T8] usb 1-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config [ 119.564102][ T8] usb 1-1: config 128 has 1 interface, different from the descriptor's value: 4 [ 119.580166][ T8] usb 1-1: config 128 has no interface number 0 [ 119.586669][ T8] usb 1-1: config 128 interface 127 altsetting 14 endpoint 0x5 has invalid maxpacket 59391, setting to 1024 [ 119.618952][ T8] usb 1-1: config 128 interface 127 has no altsetting 0 [ 119.639642][ T8] usb 1-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55 [ 119.659195][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 119.670162][ T8] usb 1-1: Product: syz [ 119.674421][ T8] usb 1-1: Manufacturer: syz [ 119.689418][ T8] usb 1-1: SerialNumber: syz [ 119.720631][ T6490] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 120.124632][ T8] usb 1-1: USB disconnect, device number 2 [ 120.205673][ T5776] udevd[5776]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:128.127/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 120.232510][ T6509] loop2: detected capacity change from 0 to 512 [ 120.266844][ T6504] loop1: detected capacity change from 0 to 32768 [ 120.288016][ T6509] EXT4-fs (loop2): orphan cleanup on readonly fs [ 120.319786][ T6509] EXT4-fs error (device loop2): ext4_validate_block_bitmap:439: comm syz.2.251: bg 0: block 248: padding at end of block bitmap is not set [ 120.330232][ T6504] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.250 (6504) [ 120.363900][ T6509] Quota error (device loop2): write_blk: dquota write failed [ 120.381084][ T6509] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 120.400135][ T6509] EXT4-fs error (device loop2): ext4_acquire_dquot:6938: comm syz.2.251: Failed to acquire dquot type 1 [ 120.432399][ T6502] loop3: detected capacity change from 0 to 32768 [ 120.442120][ T6502] XFS: noikeep mount option is deprecated. [ 120.453595][ T6504] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 120.465040][ T6504] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 120.478942][ T6504] BTRFS info (device loop1): using free space tree [ 120.485509][ T6509] EXT4-fs (loop2): 1 truncate cleaned up [ 120.529251][ T6509] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 120.542602][ T6502] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 120.716009][ T6509] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended [ 120.788051][ T6504] BTRFS info (device loop1): enabling ssd optimizations [ 120.834852][ T6504] BTRFS info (device loop1): auto enabling async discard [ 120.873259][ T6509] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 r/w. [ 120.940589][ T6502] XFS (loop3): Ending clean mount [ 120.965661][ T6502] XFS (loop3): Quotacheck needed: Please wait. [ 121.074267][ T6502] XFS (loop3): Quotacheck: Done. [ 121.138593][ T5777] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 121.414306][ T5773] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 121.539420][ T1069] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [ 121.925249][ T5774] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 122.203242][ T6561] loop2: detected capacity change from 0 to 128 [ 122.293925][ T28] audit: type=1800 audit(1751312048.798:3): pid=6561 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.260" name="file2" dev="loop2" ino=1048593 res=0 errno=0 [ 122.324706][ T6561] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100) [ 122.395678][ T6561] FAT-fs (loop2): Filesystem has been set read-only [ 122.424004][ T6561] syz.2.260: attempt to access beyond end of device [ 122.424004][ T6561] loop2: rw=524288, sector=2065, nr_sectors = 8 limit=128 [ 122.497068][ T6561] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100) [ 122.550465][ T6561] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100) [ 122.632890][ T6561] syz.2.260: attempt to access beyond end of device [ 122.632890][ T6561] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 122.702487][ T6561] syz.2.260: attempt to access beyond end of device [ 122.702487][ T6561] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 122.739232][ T6561] syz.2.260: attempt to access beyond end of device [ 122.739232][ T6561] loop2: rw=0, sector=2072, nr_sectors = 1 limit=128 [ 123.035972][ T6577] loop1: detected capacity change from 0 to 256 [ 123.223625][ T6563] loop3: detected capacity change from 0 to 40427 [ 123.256337][ T6563] F2FS-fs (loop3): build fault injection attr: rate: 691, type: 0x7ffff [ 123.286661][ T6563] F2FS-fs (loop3): Image doesn't support compression [ 123.325601][ T6563] F2FS-fs (loop3): invalid crc value [ 123.335104][ T6584] +}[@ calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 123.365932][ T6563] F2FS-fs (loop3): Found nat_bits in checkpoint [ 123.548126][ T6563] F2FS-fs (loop3): Start checkpoint disabled! [ 123.567323][ T28] audit: type=1326 audit(1751312050.068:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6588 comm="syz.1.272" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff9938e929 code=0x7ffc0000 [ 123.591590][ T6563] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 123.601413][ T28] audit: type=1326 audit(1751312050.068:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6588 comm="syz.1.272" exe="/root/syz-executor" sig=0 arch=c000003e syscall=64 compat=0 ip=0x7eff9938e929 code=0x7ffc0000 [ 123.626476][ T28] audit: type=1326 audit(1751312050.068:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6588 comm="syz.1.272" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff9938e929 code=0x7ffc0000 [ 123.681844][ T28] audit: type=1326 audit(1751312050.068:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6588 comm="syz.1.272" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff9938e929 code=0x7ffc0000 [ 123.738743][ T28] audit: type=1326 audit(1751312050.098:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6588 comm="syz.1.272" exe="/root/syz-executor" sig=0 arch=c000003e syscall=66 compat=0 ip=0x7eff9938e929 code=0x7ffc0000 [ 123.782050][ T28] audit: type=1326 audit(1751312050.098:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6588 comm="syz.1.272" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff9938e929 code=0x7ffc0000 [ 124.050359][ T5779] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 124.250347][ T5779] usb 2-1: Using ep0 maxpacket: 8 [ 124.271051][ T5779] usb 2-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 124.293102][ T5779] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 124.302027][ T5779] usb 2-1: Product: syz [ 124.306482][ T5779] usb 2-1: Manufacturer: syz [ 124.311842][ T5779] usb 2-1: SerialNumber: syz [ 124.325346][ T5779] usb 2-1: config 0 descriptor?? [ 124.366891][ T5779] gspca_main: sq930x-2.14.0 probing 2770:930c [ 124.558191][ T6607] loop0: detected capacity change from 0 to 1024 [ 124.617983][ T6607] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 124.836511][ T5775] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 125.207032][ T5779] gspca_sq930x: ucbus_write failed -71 [ 125.337490][ T6630] loop3: detected capacity change from 0 to 512 [ 125.450311][ T5779] gspca_sq930x: Sensor ov9630 not yet treated [ 125.453002][ T6630] EXT4-fs (loop3): 1 orphan inode deleted [ 125.456532][ T5779] sq930x: probe of 2-1:0.0 failed with error -22 [ 125.464868][ T6630] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 125.491097][ T1103] Quota error (device loop3): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 125.520399][ T1103] EXT4-fs error (device loop3): ext4_release_dquot:6974: comm kworker/u4:8: Failed to release dquot type 1 [ 125.533736][ T5779] usb 2-1: USB disconnect, device number 5 [ 125.550294][ T6630] ext4 filesystem being mounted at /84/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 125.756410][ T5773] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 125.771650][ T6622] loop0: detected capacity change from 0 to 32768 [ 125.795707][ T1103] Quota error (device loop3): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 125.832327][ T1103] EXT4-fs error (device loop3): ext4_release_dquot:6974: comm kworker/u4:8: Failed to release dquot type 1 [ 125.861379][ T6622] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 126.152253][ T6642] loop3: detected capacity change from 0 to 4096 [ 126.186585][ T6622] XFS (loop0): Ending clean mount [ 126.186814][ T6642] ntfs3: loop3: Different NTFS sector size (1024) and media sector size (512). [ 126.209968][ T6622] XFS (loop0): Quotacheck needed: Please wait. [ 126.344950][ T6628] loop2: detected capacity change from 0 to 40427 [ 126.364042][ T6622] XFS (loop0): Quotacheck: Done. [ 126.386359][ T6628] F2FS-fs (loop2): build fault injection attr: rate: 4, type: 0x7ffff [ 126.407855][ T6628] F2FS-fs (loop2): Image doesn't support compression [ 126.462262][ T6628] F2FS-fs (loop2): Image doesn't support compression [ 126.469049][ T6628] F2FS-fs (loop2): build fault injection attr: rate: 0, type: 0x4 [ 126.540976][ T6628] F2FS-fs (loop2): invalid crc value [ 126.598434][ T6628] F2FS-fs (loop2): inject page alloc in f2fs_grab_cache_page of __get_meta_page+0x156/0x580 [ 126.664681][ T6628] F2FS-fs (loop2): inject page alloc in f2fs_grab_cache_page of f2fs_ra_meta_pages+0x644/0x920 [ 126.714619][ T6628] F2FS-fs (loop2): Found nat_bits in checkpoint [ 126.779760][ T5775] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 126.797791][ T6628] F2FS-fs (loop2): inject page alloc in f2fs_grab_cache_page of f2fs_ra_meta_pages+0x644/0x920 [ 126.809646][ T6628] F2FS-fs (loop2): inject page alloc in f2fs_grab_cache_page of f2fs_ra_meta_pages+0x644/0x920 [ 126.836266][ T6628] F2FS-fs (loop2): inject page alloc in f2fs_grab_cache_page of __get_meta_page+0x156/0x580 [ 126.889017][ T6628] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 127.092398][ T6628] F2FS-fs (loop2): inject page alloc in f2fs_grab_cache_page of __get_node_page+0x17b/0xf40 [ 127.140980][ T6628] F2FS-fs (loop2): inject page alloc in f2fs_grab_cache_page of f2fs_new_node_page+0x13a/0x910 [ 127.252909][ T6659] loop3: detected capacity change from 0 to 64 [ 127.295465][ T5777] syz-executor: attempt to access beyond end of device [ 127.295465][ T5777] loop2: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 127.345712][ T6660] serio: Serial port ptm0 [ 127.364348][ T5777] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 127.391866][ T5777] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 127.408197][ T6659] hfs: walked past end of dir [ 127.763038][ T6665] loop1: detected capacity change from 0 to 4096 [ 127.860649][ T6665] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 128.066735][ T28] audit: type=1800 audit(1751312054.558:10): pid=6665 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.301" name="file1" dev="loop1" ino=30 res=0 errno=0 [ 128.660879][ T6678] loop2: detected capacity change from 0 to 4096 [ 128.700143][ T6678] ntfs3: loop2: Different NTFS sector size (1024) and media sector size (512). [ 128.854816][ T6668] loop3: detected capacity change from 0 to 40427 [ 128.867356][ T6668] F2FS-fs (loop3): heap/no_heap options were deprecated [ 128.929698][ T6668] F2FS-fs (loop3): invalid crc value [ 128.977606][ T6668] F2FS-fs (loop3): Found nat_bits in checkpoint [ 128.988724][ T6678] ntfs3: loop2: ino=1e, "file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" failed to parse mft record [ 129.218829][ T6668] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 129.253280][ T1069] ntfs3: loop2: ino=1e, failed to parse mft record [ 129.753043][ T9] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 129.909364][ T6686] loop0: detected capacity change from 0 to 32768 [ 129.929663][ T6686] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz.0.310 (6686) [ 129.961303][ T9] usb 2-1: Using ep0 maxpacket: 8 [ 129.967390][ T6686] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 129.988214][ T9] usb 2-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 129.998652][ T6686] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 130.008502][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 130.017693][ T6686] BTRFS info (device loop0): using free space tree [ 130.031264][ T9] usb 2-1: Product: syz [ 130.036791][ T9] usb 2-1: Manufacturer: syz [ 130.046268][ T9] usb 2-1: SerialNumber: syz [ 130.067041][ T9] usb 2-1: config 0 descriptor?? [ 130.089321][ T9] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 130.109681][ T9] usb 2-1: setting power ON [ 130.143044][ T9] dvb-usb: bulk message failed: -22 (2/0) [ 130.167992][ T9] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 130.184750][ T9] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 130.201320][ T9] usb 2-1: media controller created [ 130.204052][ T6686] BTRFS info (device loop0): enabling ssd optimizations [ 130.238177][ T6686] BTRFS info (device loop0): auto enabling async discard [ 130.239890][ T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 130.299776][ T9] usb 2-1: selecting invalid altsetting 6 [ 130.312419][ T9] usb 2-1: digital interface selection failed (-22) [ 130.323978][ T6698] dvb-usb: bulk message failed: -22 (3/0) [ 130.331657][ T9] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 130.342904][ T6698] dvb-usb: bulk message failed: -22 (5/0) [ 130.360240][ T9] usb 2-1: setting power OFF [ 130.368442][ T6728] dvb-usb: bulk message failed: -22 (4/0) [ 130.382351][ T9] dvb-usb: bulk message failed: -22 (2/0) [ 130.391119][ T6728] cxusb: i2c read failed [ 130.399417][ T9] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 130.427003][ T6724] netlink: 72 bytes leftover after parsing attributes in process `syz.3.319'. [ 130.437658][ T9] (NULL device *): no alternate interface [ 130.527799][ T5775] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 130.582040][ T9] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 130.612686][ T9] usb 2-1: USB disconnect, device number 6 [ 131.362017][ T6746] loop0: detected capacity change from 0 to 8 [ 131.877594][ T6762] netlink: 28 bytes leftover after parsing attributes in process `syz.0.335'. [ 131.925230][ T6762] ip6tnl1: entered promiscuous mode [ 132.087494][ T6769] netlink: 104 bytes leftover after parsing attributes in process `syz.3.338'. [ 132.176391][ T6772] loop0: detected capacity change from 0 to 512 [ 132.260760][ T5778] Bluetooth: hci3: command tx timeout [ 132.282649][ T6772] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 132.342353][ T6783] Bluetooth: MGMT ver 1.22 [ 132.345263][ T6772] ext4 filesystem being mounted at /73/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 132.491981][ T6772] EXT4-fs error (device loop0): ext4_validate_block_bitmap:439: comm syz.0.340: bg 0: block 248: padding at end of block bitmap is not set [ 132.543653][ T6772] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6642: Corrupt filesystem [ 132.575219][ T6788] loop3: detected capacity change from 0 to 2048 [ 132.604118][ T6788] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 132.616013][ T5775] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 132.659512][ T6790] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 132.781884][ T5779] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 132.820471][ T786] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 132.970419][ T5779] usb 3-1: Using ep0 maxpacket: 8 [ 132.982006][ T5779] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 132.997562][ T5779] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 133.011122][ T5779] usb 3-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4 [ 133.020759][ T786] usb 2-1: Using ep0 maxpacket: 16 [ 133.027515][ T5779] usb 3-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3 [ 133.036801][ T5779] usb 3-1: Product: syz [ 133.047210][ T5779] usb 3-1: Manufacturer: syz [ 133.052831][ T786] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 133.070102][ T5779] usb 3-1: SerialNumber: syz [ 133.081202][ T786] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 133.098601][ T5779] usb 3-1: config 0 descriptor?? [ 133.104800][ T786] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 133.126396][ T786] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 133.153270][ T786] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 133.193817][ T786] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 133.210161][ T786] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 133.218245][ T786] usb 2-1: Manufacturer: syz [ 133.228111][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.235344][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.252106][ T786] usb 2-1: config 0 descriptor?? [ 133.381800][ T968] usb 3-1: USB disconnect, device number 4 [ 133.485033][ T6803] netlink: 8 bytes leftover after parsing attributes in process `syz.3.352'. [ 133.515095][ T6803] netlink: 3 bytes leftover after parsing attributes in process `syz.3.352'. [ 133.554320][ T6803] batadv1: entered promiscuous mode [ 133.559618][ T6803] batadv1: entered allmulticast mode [ 133.565577][ T786] rc_core: IR keymap rc-hauppauge not found [ 133.576031][ T6803] Zero length message leads to an empty skb [ 133.578827][ T786] Registered IR keymap rc-empty [ 133.588209][ T786] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 133.632986][ T786] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 133.674486][ T786] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0 [ 133.711459][ T786] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input8 [ 133.749432][ T786] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 133.811238][ T786] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 133.840327][ T786] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 133.969199][ T6812] loop0: detected capacity change from 0 to 128 [ 133.989788][ T6812] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 134.491202][ T9] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 134.571950][ T6818] netlink: 8 bytes leftover after parsing attributes in process `syz.0.358'. [ 134.706523][ T9] usb 3-1: Using ep0 maxpacket: 16 [ 134.729849][ T9] usb 3-1: config 0 interface 0 has no altsetting 0 [ 134.759136][ T9] usb 3-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 134.796853][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 134.911683][ T9] usb 3-1: config 0 descriptor?? [ 135.379754][ T9] hid (null): invalid report_size 41201 [ 135.436070][ T9] hid (null): unknown global tag 0xe [ 135.444927][ T6826] usb usb8: usbfs: process 6826 (syz.0.362) did not claim interface 0 before use [ 135.465828][ T9] hid (null): unknown global tag 0xe [ 135.482957][ T9] hid (null): bogus close delimiter [ 135.583828][ T9] usb 3-1: USB disconnect, device number 5 [ 135.799993][ C1] sched: RT throttling activated [ 135.815503][ T786] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 136.025231][ T6834] loop1: detected capacity change from 0 to 256 [ 136.093442][ T6834] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3ec, utbl_chksum : 0xe619d30d) [ 136.106795][ T54] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 136.318129][ T54] usb 1-1: config 0 has an invalid interface number: 255 but max is 0 [ 136.350338][ T54] usb 1-1: config 0 has no interface number 0 [ 136.378685][ T6810] loop3: detected capacity change from 0 to 262144 [ 136.378688][ T54] usb 1-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30 [ 136.378734][ T54] usb 1-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 136.388739][ T786] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 136.438313][ T6810] F2FS-fs (loop3): invalid crc value [ 136.450430][ T786] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 136.461292][ T54] usb 1-1: config 0 interface 255 has no altsetting 0 [ 136.480842][ T786] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 136.493247][ T6810] F2FS-fs (loop3): Found nat_bits in checkpoint [ 136.497113][ T54] usb 1-1: New USB device found, idVendor=0bda, idProduct=0177, bcdDevice=7d.0b [ 136.515977][ T54] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 136.537196][ T54] usb 1-1: config 0 descriptor?? [ 136.578385][ T6810] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 136.587402][ T54] ums-realtek 1-1:0.255: USB Mass Storage device detected [ 136.600132][ T786] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 136.638726][ T786] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 136.700293][ T786] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 136.751321][ T786] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 136.792408][ T786] mceusb 2-1:0.0: Registered with mce emulator interface version 1 [ 136.837267][ T786] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 136.849507][ T54] usb 1-1: USB disconnect, device number 3 [ 136.902485][ T786] usb 2-1: USB disconnect, device number 7 [ 137.802355][ T6849] loop2: detected capacity change from 0 to 32768 [ 137.826022][ T6849] XFS: ikeep mount option is deprecated. [ 137.891319][ T6849] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 138.127417][ T6849] XFS (loop2): Ending clean mount [ 138.141574][ T6849] XFS (loop2): Quotacheck needed: Please wait. [ 138.230798][ T6849] XFS (loop2): Quotacheck: Done. [ 138.556572][ T5777] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 138.752421][ T6857] loop0: detected capacity change from 0 to 32768 [ 138.882214][ T6857] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 138.917928][ T6878] netlink: 48 bytes leftover after parsing attributes in process `syz.1.379'. [ 139.093210][ T6857] XFS (loop0): Ending clean mount [ 139.456878][ T5775] XFS (loop0): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 140.091172][ T6900] netlink: 8 bytes leftover after parsing attributes in process `syz.3.371'. [ 140.123183][ T6900] netlink: 8 bytes leftover after parsing attributes in process `syz.3.371'. [ 140.518831][ T6916] loop3: detected capacity change from 0 to 512 [ 140.535692][ T6916] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 140.561864][ T6916] EXT4-fs (loop3): 1 truncate cleaned up [ 140.583280][ T6918] loop1: detected capacity change from 0 to 1024 [ 140.591308][ T6916] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 140.756837][ T6905] loop2: detected capacity change from 0 to 32768 [ 140.898065][ T5773] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 140.992295][ T6905] find_entry called with index = 0 [ 140.999666][ T6905] read_mapping_page failed! [ 141.050623][ T6905] ERROR: (device loop2): txCommit: [ 141.050623][ T6905] [ 141.221807][ T6927] syzkaller1: tun_chr_ioctl cmd 2148553947 [ 141.418720][ T6931] netem: change failed [ 141.685193][ T6939] loop2: detected capacity change from 0 to 64 [ 141.816989][ T6939] hfs: walked past end of dir [ 141.980436][ T6943] loop1: detected capacity change from 0 to 4096 [ 142.006385][ T6943] ntfs3: loop1: Different NTFS sector size (1024) and media sector size (512). [ 142.118086][ T6951] loop3: detected capacity change from 0 to 2048 [ 142.130202][ T6943] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 142.201156][ T6951] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 143.661756][ T6979] loop1: detected capacity change from 0 to 16 [ 143.743471][ T6979] erofs: (device loop1): mounted with root inode @ nid 36. [ 143.990756][ T968] IPVS: starting estimator thread 0... [ 144.150427][ T6982] IPVS: using max 17 ests per chain, 40800 per kthread [ 144.801662][ T6992] netlink: 24 bytes leftover after parsing attributes in process `syz.0.427'. [ 145.314581][ T6965] loop3: detected capacity change from 0 to 262144 [ 145.385338][ T6965] F2FS-fs (loop3): Found nat_bits in checkpoint [ 145.457438][ T6965] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 146.442749][ T7021] loop2: detected capacity change from 0 to 512 [ 146.520382][ T7021] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 146.543510][ T7021] ext4 filesystem being mounted at /103/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 146.873449][ T5777] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 147.034953][ T7028] loop0: detected capacity change from 0 to 4096 [ 147.262986][ T7035] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 147.600385][ T7041] program syz.2.448 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 147.676145][ T7043] loop1: detected capacity change from 0 to 1024 [ 147.757535][ T7043] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 147.873200][ T7045] loop2: detected capacity change from 0 to 2048 [ 147.952902][ T7045] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 148.251766][ T5777] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 148.970403][ T9] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 149.190137][ T9] usb 3-1: Using ep0 maxpacket: 8 [ 149.202203][ T9] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 149.240063][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 149.279335][ T9] pvrusb2: Hardware description: Terratec Grabster AV400 [ 149.300533][ T9] pvrusb2: ********** [ 149.304593][ T9] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 149.348839][ T9] pvrusb2: Important functionality might not be entirely working. [ 149.381440][ T9] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 149.412553][ T9] pvrusb2: ********** [ 149.496804][ T2322] pvrusb2: Invalid write control endpoint [ 149.732314][ T2322] pvrusb2: Invalid write control endpoint [ 149.750680][ T2322] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 149.790974][ T2322] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 149.819140][ T2322] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 149.850035][ T2322] pvrusb2: Device being rendered inoperable [ 149.861127][ T9] usb 3-1: USB disconnect, device number 6 [ 149.889793][ T2322] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 149.923954][ T2322] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 149.951210][ T7062] loop1: detected capacity change from 0 to 32768 [ 149.983582][ T7062] XFS: noikeep mount option is deprecated. [ 149.995533][ T2322] pvrusb2: Attached sub-driver cx25840 [ 150.028222][ T2322] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 150.053557][ T2322] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 150.058789][ T7062] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 150.229734][ T7062] XFS (loop1): Ending clean mount [ 150.249448][ T7062] XFS (loop1): Quotacheck needed: Please wait. [ 150.335376][ T7062] XFS (loop1): Quotacheck: Done. [ 150.519695][ T5774] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 152.147320][ T7088] loop2: detected capacity change from 0 to 40427 [ 152.172205][ T7088] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 152.215760][ T7088] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 152.256323][ T7088] F2FS-fs (loop2): invalid crc value [ 152.281609][ T7088] F2FS-fs (loop2): Found nat_bits in checkpoint [ 152.496424][ T7088] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 152.529366][ T7088] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 153.092757][ T7131] veth1_to_batadv: entered promiscuous mode [ 153.391164][ T7137] sctp: [Deprecated]: syz.1.485 (pid 7137) Use of struct sctp_assoc_value in delayed_ack socket option. [ 153.391164][ T7137] Use struct sctp_sack_info instead [ 153.508686][ T7139] netlink: 4 bytes leftover after parsing attributes in process `syz.2.480'. [ 153.678815][ T7145] bridge0: port 3(syz_tun) entered blocking state [ 153.690733][ T7145] bridge0: port 3(syz_tun) entered disabled state [ 153.697616][ T7145] syz_tun: entered allmulticast mode [ 153.726039][ T7145] syz_tun: entered promiscuous mode [ 153.739294][ T7145] bridge0: port 3(syz_tun) entered blocking state [ 153.746112][ T7145] bridge0: port 3(syz_tun) entered forwarding state [ 153.929602][ T7154] loop1: detected capacity change from 0 to 1024 [ 154.069025][ T7154] hfsplus: bad catalog entry type [ 154.180842][ T3469] hfsplus: b-tree write err: -5, ino 4 [ 154.687976][ T7171] netlink: 88 bytes leftover after parsing attributes in process `syz.0.499'. [ 154.817424][ T28] audit: type=1326 audit(1751312081.318:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7174 comm="syz.3.500" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f135138e929 code=0x0 [ 154.989045][ T7160] loop2: detected capacity change from 0 to 32768 [ 155.015886][ T7160] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 scanned by syz.2.496 (7160) [ 155.044686][ T7160] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 155.068750][ T7160] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 155.091997][ T7160] BTRFS info (device loop2): using free space tree [ 155.205079][ T7160] BTRFS info (device loop2): enabling ssd optimizations [ 155.222094][ T7160] BTRFS info (device loop2): auto enabling async discard [ 155.546388][ T1069] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [ 155.661871][ T5777] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 155.942742][ T5776] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 12 /dev/loop2 scanned by udevd (5776) [ 156.580360][ T7204] loop1: detected capacity change from 0 to 32768 [ 156.655787][ T7204] JBD2: Ignoring recovery information on journal [ 156.825882][ T7211] loop0: detected capacity change from 0 to 32768 [ 156.845760][ T7211] BTRFS error: device /dev/loop0 already registered with a higher generation, found 8 expect 12 [ 156.915235][ T7204] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 157.254339][ T7222] loop3: detected capacity change from 0 to 4096 [ 157.297517][ T6732] BTRFS error: device /dev/loop0 already registered with a higher generation, found 8 expect 12 [ 157.732742][ T5774] ocfs2: Unmounting device (7,1) on (node local) [ 157.946776][ T7222] ntfs3: loop3: failed to convert "0080" to koi8-ru [ 158.083705][ T7222] ntfs3: loop3: failed to convert name for inode 1e. [ 158.130242][ T7222] ntfs3: loop3: failed to convert "256c" to koi8-ru [ 158.975210][ T7231] veth1_to_batadv: entered promiscuous mode [ 159.046990][ T7235] loop3: detected capacity change from 0 to 256 [ 159.613557][ T7223] loop2: detected capacity change from 0 to 262144 [ 159.636995][ T7223] F2FS-fs (loop2): invalid crc value [ 159.665852][ T7223] F2FS-fs (loop2): Found nat_bits in checkpoint [ 159.725254][ T7223] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 160.789256][ T7268] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 160.802632][ T7249] loop0: detected capacity change from 0 to 32768 [ 160.816858][ T7249] XFS: noikeep mount option is deprecated. [ 160.875516][ T7249] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 161.007410][ T7249] XFS (loop0): Ending clean mount [ 161.025926][ T7249] XFS (loop0): Quotacheck needed: Please wait. [ 161.128496][ T7249] XFS (loop0): Quotacheck: Done. [ 161.293646][ T5775] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 162.150163][ T28] audit: type=1326 audit(1751312088.628:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7286 comm="syz.3.539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f135138e929 code=0x7ffc0000 [ 162.269264][ T28] audit: type=1326 audit(1751312088.628:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7286 comm="syz.3.539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f135138e929 code=0x7ffc0000 [ 162.414244][ T28] audit: type=1326 audit(1751312088.628:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7286 comm="syz.3.539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=64 compat=0 ip=0x7f135138e929 code=0x7ffc0000 [ 162.537150][ T28] audit: type=1326 audit(1751312088.638:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7286 comm="syz.3.539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f135138e929 code=0x7ffc0000 [ 162.615765][ T28] audit: type=1326 audit(1751312088.638:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7286 comm="syz.3.539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f135138e929 code=0x7ffc0000 [ 162.720329][ T28] audit: type=1326 audit(1751312088.638:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7286 comm="syz.3.539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=66 compat=0 ip=0x7f135138e929 code=0x7ffc0000 [ 162.872417][ T28] audit: type=1326 audit(1751312088.638:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7286 comm="syz.3.539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f135138e929 code=0x7ffc0000 [ 163.000091][ T28] audit: type=1326 audit(1751312088.638:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7286 comm="syz.3.539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f135138e929 code=0x7ffc0000 [ 163.810497][ T7306] input: syz1 as /devices/virtual/input/input9 [ 164.622746][ T7287] loop0: detected capacity change from 0 to 262144 [ 164.676168][ T7287] F2FS-fs (loop0): invalid crc value [ 164.703400][ T7287] F2FS-fs (loop0): Found nat_bits in checkpoint [ 164.756353][ T7328] netdevsim netdevsim2 netdevsim2: entered allmulticast mode [ 164.761094][ T7287] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 164.856942][ T7328] pimreg: entered allmulticast mode [ 165.936992][ T12] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 166.160778][ T12] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 166.360632][ T12] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 166.445197][ T7342] loop2: detected capacity change from 0 to 40427 [ 166.470457][ T7342] F2FS-fs (loop2): heap/no_heap options were deprecated [ 166.534603][ T7342] F2FS-fs (loop2): invalid crc value [ 166.613180][ T7342] F2FS-fs (loop2): Found nat_bits in checkpoint [ 166.642721][ T12] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 166.827688][ T7342] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 167.416953][ T5787] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 167.436387][ T5787] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 167.472673][ T5787] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 167.487624][ T5787] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 167.496480][ T5787] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 167.512008][ T5787] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 167.804612][ T7378] netlink: 72 bytes leftover after parsing attributes in process `syz.1.567'. [ 168.334844][ T7386] loop1: detected capacity change from 0 to 1024 [ 168.935724][ T7405] netlink: 8 bytes leftover after parsing attributes in process `syz.1.574'. [ 169.207297][ T7414] program syz.1.576 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 169.497905][ T7422] loop1: detected capacity change from 0 to 1024 [ 169.549139][ T7417] tipc: Started in network mode [ 169.556323][ T7417] tipc: Node identity 7365725f69643d3, cluster identity 4711 [ 169.569805][ T7417] tipc: Enabling of bearer rejected, failed to enable media [ 169.620661][ T5787] Bluetooth: hci1: command tx timeout [ 170.049199][ T7432] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 170.112808][ T7371] chnl_net:caif_netlink_parms(): no params data found [ 170.132330][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 170.489796][ T7444] loop1: detected capacity change from 0 to 512 [ 170.518571][ T7444] EXT4-fs: Ignoring removed orlov option [ 170.612725][ T7444] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 170.647642][ T7444] ext4 filesystem being mounted at /167/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 170.915158][ T7371] bridge0: port 1(bridge_slave_0) entered blocking state [ 170.932847][ T5774] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 170.945103][ T7371] bridge0: port 1(bridge_slave_0) entered disabled state [ 170.952982][ T7371] bridge_slave_0: entered allmulticast mode [ 170.960763][ T7371] bridge_slave_0: entered promiscuous mode [ 170.991359][ T7371] bridge0: port 2(bridge_slave_1) entered blocking state [ 171.048215][ T7371] bridge0: port 2(bridge_slave_1) entered disabled state [ 171.083112][ T7371] bridge_slave_1: entered allmulticast mode [ 171.111091][ T7371] bridge_slave_1: entered promiscuous mode [ 171.265176][ T12] hsr_slave_0: left promiscuous mode [ 171.299928][ T12] hsr_slave_1: left promiscuous mode [ 171.313980][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 171.335858][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 171.361693][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 171.395604][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 171.419820][ T12] bridge_slave_1: left allmulticast mode [ 171.433144][ T12] bridge_slave_1: left promiscuous mode [ 171.453383][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 171.512212][ T12] bridge_slave_0: left allmulticast mode [ 171.528190][ T12] bridge_slave_0: left promiscuous mode [ 171.553412][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 171.700434][ T5787] Bluetooth: hci1: command tx timeout [ 171.718678][ T12] veth1_macvtap: left promiscuous mode [ 171.740812][ T12] veth0_macvtap: left promiscuous mode [ 171.765010][ T12] veth1_vlan: left promiscuous mode [ 171.783189][ T12] veth0_vlan: left promiscuous mode [ 172.211546][ T7488] loop2: detected capacity change from 0 to 2048 [ 172.266026][ T7488] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 172.293497][ T7488] ext4 filesystem being mounted at /136/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 172.428580][ T5777] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 173.090634][ T12] team0 (unregistering): Port device team_slave_1 removed [ 173.165228][ T12] team0 (unregistering): Port device team_slave_0 removed [ 173.220570][ T7494] loop2: detected capacity change from 0 to 40427 [ 173.243337][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 173.252570][ T7494] F2FS-fs (loop2): build fault injection attr: rate: 690, type: 0x7ffff [ 173.280649][ T7494] F2FS-fs (loop2): build fault injection attr: rate: 0, type: 0x2 [ 173.289597][ T7494] F2FS-fs (loop2): Image doesn't support compression [ 173.311573][ T7494] F2FS-fs (loop2): Image doesn't support compression [ 173.324524][ T7494] F2FS-fs (loop2): invalid crc value [ 173.360229][ T7494] F2FS-fs (loop2): Found nat_bits in checkpoint [ 173.395579][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 173.445780][ T7494] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 173.495615][ T28] audit: type=1800 audit(1751312099.998:20): pid=7494 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.601" name="bus" dev="loop2" ino=10 res=0 errno=0 [ 173.562906][ T5777] syz-executor: attempt to access beyond end of device [ 173.562906][ T5777] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 173.579838][ T5777] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 173.780688][ T5787] Bluetooth: hci1: command tx timeout [ 174.490864][ T12] bond0 (unregistering): Released all slaves [ 174.687014][ T7506] sctp: [Deprecated]: syz.2.605 (pid 7506) Use of int in max_burst socket option deprecated. [ 174.687014][ T7506] Use struct sctp_assoc_value instead [ 174.715421][ T7371] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 174.761169][ T7471] (unnamed net_device) (uninitialized): option active_slave: mode dependency failed, not supported in mode balance-rr(0) [ 174.841366][ T7371] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 175.013999][ T7510] loop1: detected capacity change from 0 to 2048 [ 175.079190][ T7371] team0: Port device team_slave_0 added [ 175.092287][ T7510] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 175.145470][ T7371] team0: Port device team_slave_1 added [ 175.198574][ T7510] EXT4-fs error (device loop1): ext4_find_extent:936: inode #2: comm syz.1.608: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4) [ 175.288091][ T7510] EXT4-fs (loop1): Remounting filesystem read-only [ 175.429842][ T5774] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 175.433855][ T7371] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 175.460079][ T7371] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 175.536305][ T7371] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 175.630150][ T7371] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 175.665797][ T7371] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 175.743739][ T7371] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 175.860653][ T5787] Bluetooth: hci1: command tx timeout [ 176.064970][ T7371] hsr_slave_0: entered promiscuous mode [ 176.076790][ T7371] hsr_slave_1: entered promiscuous mode [ 176.084869][ T7371] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 176.094460][ T7371] Cannot create hsr debugfs directory [ 176.562721][ T7556] loop0: detected capacity change from 0 to 4096 [ 176.784580][ T7563] netlink: 8 bytes leftover after parsing attributes in process `syz.2.623'. [ 176.864616][ T7371] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 176.911634][ T7371] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 176.927620][ T7556] overlayfs: upper fs does not support tmpfile. [ 176.962958][ T7371] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 176.998257][ T7556] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 177.038033][ T7566] loop2: detected capacity change from 0 to 512 [ 177.070696][ T7371] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 177.177689][ T7566] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2 [ 177.250914][ T7566] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -2 [ 177.315018][ T7371] 8021q: adding VLAN 0 to HW filter on device bond0 [ 177.347576][ T7566] EXT4-fs (loop2): 1 truncate cleaned up [ 177.355757][ T7371] 8021q: adding VLAN 0 to HW filter on device team0 [ 177.364888][ T7566] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 177.418814][ T1087] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.426156][ T1087] bridge0: port 1(bridge_slave_0) entered forwarding state [ 177.444913][ T5776] udevd[5776]: failed to send result of seq 12567 to main daemon: Connection refused [ 177.532817][ T1087] bridge0: port 2(bridge_slave_1) entered blocking state [ 177.540139][ T1087] bridge0: port 2(bridge_slave_1) entered forwarding state [ 177.634414][ T7577] tipc: Enabling of bearer rejected, failed to enable media [ 177.698350][ T5777] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 177.976758][ T7592] netlink: 'syz.0.631': attribute type 12 has an invalid length. [ 177.990859][ T7592] netlink: 'syz.0.631': attribute type 29 has an invalid length. [ 178.025771][ T7592] netlink: 'syz.0.631': attribute type 2 has an invalid length. [ 178.034470][ T7592] netlink: 'syz.0.631': attribute type 2 has an invalid length. [ 178.046731][ T7592] netlink: 'syz.0.631': attribute type 1 has an invalid length. [ 178.054728][ T7592] netlink: 'syz.0.631': attribute type 37 has an invalid length. [ 178.065539][ T7592] netlink: 'syz.0.631': attribute type 2 has an invalid length. [ 178.073425][ T7592] bridge0: port 1(bridge_slave_0) entered disabled state [ 178.100569][ T968] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 178.142866][ T7371] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 178.323067][ T968] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 178.331429][ T968] usb 3-1: config 0 has no interface number 0 [ 178.342330][ T968] usb 3-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 178.351878][ T968] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 178.359936][ T968] usb 3-1: Product: syz [ 178.379371][ T968] usb 3-1: Manufacturer: syz [ 178.387733][ T968] usb 3-1: SerialNumber: syz [ 178.397945][ T968] usb 3-1: config 0 descriptor?? [ 178.527534][ T7610] netlink: 'syz.1.637': attribute type 13 has an invalid length. [ 178.541355][ T7610] netlink: 24859 bytes leftover after parsing attributes in process `syz.1.637'. [ 178.635353][ T968] usb 3-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 178.656514][ T968] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 178.667023][ T5779] usb 1-1: new full-speed USB device number 4 using dummy_hcd [ 178.690946][ T968] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 178.699072][ T968] usb 3-1: media controller created [ 178.707856][ T7371] veth0_vlan: entered promiscuous mode [ 178.736984][ T7371] veth1_vlan: entered promiscuous mode [ 178.754699][ T968] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 178.825127][ T7371] veth0_macvtap: entered promiscuous mode [ 178.842854][ T7371] veth1_macvtap: entered promiscuous mode [ 178.871017][ T7371] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 178.882569][ T5779] usb 1-1: config 0 has an invalid interface number: 120 but max is 0 [ 178.891267][ T5779] usb 1-1: config 0 has no interface number 0 [ 178.894496][ T7371] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 178.900301][ T5779] usb 1-1: config 0 interface 120 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 10 [ 178.925001][ T7371] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 178.926162][ T5779] usb 1-1: config 0 interface 120 altsetting 0 endpoint 0x8A has invalid maxpacket 255, setting to 64 [ 178.935781][ T7371] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 178.954008][ T5779] usb 1-1: New USB device found, idVendor=16e3, idProduct=f9e9, bcdDevice= 0.58 [ 178.957186][ T7371] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 178.966435][ T5779] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 178.983770][ T7371] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 178.990641][ T5779] usb 1-1: config 0 descriptor?? [ 178.999626][ T7371] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 179.009855][ T7606] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 179.035476][ T5779] input: USB Touchscreen 16e3:f9e9 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.120/input/input10 [ 179.056194][ T7371] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 179.074540][ T7371] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 179.087526][ T7371] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 179.098953][ T7371] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 179.115126][ T7371] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 179.127244][ T7371] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 179.149383][ T7371] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 179.179676][ T7371] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.197275][ T7371] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.207222][ T7371] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.216239][ T7371] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.358128][ T5779] usb 1-1: USB disconnect, device number 4 [ 179.418949][ T1103] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 179.439661][ T1103] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 179.494638][ T1103] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 179.510190][ T1103] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 179.638941][ T7624] netlink: 20 bytes leftover after parsing attributes in process `syz.4.562'. [ 179.656424][ T7624] netem: invalid attributes len -18 [ 179.661982][ T7624] netem: change failed [ 179.863292][ T968] i2c i2c-1: ec100: i2c rd failed=-110 reg=33 [ 179.975924][ T968] usb 3-1: USB disconnect, device number 7 [ 180.300404][ T7639] input: syz1 as /devices/virtual/input/input11 [ 180.306853][ T7639] input: failed to attach handler leds to device input11, error: -6 [ 180.344757][ T7638] loop0: detected capacity change from 0 to 4096 [ 180.410035][ T7638] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 180.457753][ T7638] ntfs3: loop0: Failed to load $Extend (-22). [ 180.468860][ T7638] ntfs3: loop0: Failed to initialize $Extend. [ 180.479795][ T7645] loop4: detected capacity change from 0 to 256 [ 180.513552][ T7645] exfat: Deprecated parameter 'namecase' [ 180.519371][ T7645] exfat: Deprecated parameter 'utf8' [ 180.568445][ T7645] exFAT-fs (loop4): failed to load upcase table (idx : 0x0001ff53, chksum : 0xd72bb7d8, utbl_chksum : 0xe619d30d) [ 180.662258][ T7645] autofs4:pid:7645:autofs_fill_super: could not open pipe file descriptor [ 180.723767][ T8] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 180.889453][ T7657] netlink: 8 bytes leftover after parsing attributes in process `syz.0.658'. [ 180.930827][ T8] usb 2-1: Using ep0 maxpacket: 8 [ 180.947957][ T8] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 180.959596][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 180.978457][ T8] pvrusb2: Hardware description: Terratec Grabster AV400 [ 180.986292][ T8] pvrusb2: ********** [ 180.990741][ T8] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 181.004575][ T8] pvrusb2: Important functionality might not be entirely working. [ 181.012827][ T8] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 181.024990][ T8] pvrusb2: ********** [ 181.212874][ T2322] pvrusb2: Invalid write control endpoint [ 181.402818][ T7668] netlink: 12 bytes leftover after parsing attributes in process `syz.4.663'. [ 181.412813][ T2322] pvrusb2: Invalid write control endpoint [ 181.418688][ T2322] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 181.473387][ T2322] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 181.488200][ T2322] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 181.504768][ T2322] pvrusb2: Device being rendered inoperable [ 181.527674][ T2322] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 181.537224][ T5822] usb 2-1: USB disconnect, device number 8 [ 181.561394][ T2322] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 181.588218][ T2322] pvrusb2: Attached sub-driver cx25840 [ 181.607345][ T2322] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 181.637071][ T2322] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 183.261186][ T7670] loop4: detected capacity change from 0 to 40427 [ 183.286156][ T7670] F2FS-fs (loop4): build fault injection attr: rate: 690, type: 0x7ffff [ 183.309051][ T7670] F2FS-fs (loop4): build fault injection attr: rate: 0, type: 0x2 [ 183.332752][ T7670] F2FS-fs (loop4): Image doesn't support compression [ 183.353308][ T7670] F2FS-fs (loop4): Image doesn't support compression [ 183.386100][ T7670] F2FS-fs (loop4): invalid crc value [ 183.476786][ T7670] F2FS-fs (loop4): Found nat_bits in checkpoint [ 183.555923][ T7661] loop0: detected capacity change from 0 to 262144 [ 183.578378][ T7661] F2FS-fs (loop0): Found nat_bits in checkpoint [ 183.640421][ T7661] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 183.649168][ T7670] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 183.747542][ T28] audit: type=1800 audit(1751312110.248:21): pid=7670 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.664" name="bus" dev="loop4" ino=10 res=0 errno=0 [ 183.811225][ T7371] syz-executor: attempt to access beyond end of device [ 183.811225][ T7371] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 183.850073][ T7371] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 184.426874][ T7709] loop2: detected capacity change from 0 to 128 [ 184.657537][ T7713] mkiss: ax0: crc mode is auto. [ 185.168056][ T7725] loop1: detected capacity change from 0 to 512 [ 185.232235][ T7725] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 185.287869][ T7725] ext4 filesystem being mounted at /198/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 185.600818][ T5774] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 185.870313][ T7740] netlink: 8 bytes leftover after parsing attributes in process `syz.4.692'. [ 186.159600][ T7749] TCP: TCP_TX_DELAY enabled [ 186.168114][ T7750] netlink: 'syz.0.673': attribute type 4 has an invalid length. [ 186.537993][ T7766] tap0: tun_chr_ioctl cmd 1074025677 [ 186.550875][ T7766] tap0: linktype set to 0 [ 186.691937][ T7772] loop0: detected capacity change from 0 to 1024 [ 186.793705][ T7771] hfsplus: invalid extended attribute record [ 186.882367][ T12] hfsplus: b-tree write err: -5, ino 4 [ 187.145632][ T7760] loop1: detected capacity change from 0 to 32768 [ 187.173029][ T7760] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 scanned by syz.1.699 (7760) [ 187.232453][ T7760] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 187.244074][ T7760] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 187.253121][ T7760] BTRFS info (device loop1): enabling auto defrag [ 187.259755][ T7760] BTRFS info (device loop1): doing ref verification [ 187.269931][ T7760] BTRFS info (device loop1): use no compression [ 187.284568][ T7760] BTRFS info (device loop1): force clearing of disk cache [ 187.299727][ T7760] BTRFS info (device loop1): setting nodatacow, compression disabled [ 187.316512][ T7760] BTRFS info (device loop1): disabling free space tree [ 187.331384][ T7790] raw_sendmsg: syz.4.715 forgot to set AF_INET. Fix it! [ 187.481111][ T7760] BTRFS info (device loop1): enabling ssd optimizations [ 187.494914][ T7801] loop4: detected capacity change from 0 to 4096 [ 187.500478][ T7760] BTRFS info (device loop1): auto enabling async discard [ 187.508155][ T7809] netlink: 36 bytes leftover after parsing attributes in process `syz.2.718'. [ 187.517356][ T7760] BTRFS info (device loop1): rebuilding free space tree [ 187.547180][ T7801] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 187.600692][ T7801] ntfs3: loop4: Failed to load $Extend (-22). [ 187.615385][ T7801] ntfs3: loop4: Failed to initialize $Extend. [ 187.625312][ T7760] BTRFS info (device loop1): disabling free space tree [ 187.634498][ T7760] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 187.644546][ T7760] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 187.889790][ T5774] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 188.310187][ T5822] usb 5-1: new full-speed USB device number 2 using dummy_hcd [ 188.507065][ T5822] usb 5-1: config 0 has an invalid interface number: 227 but max is 0 [ 188.529611][ T5822] usb 5-1: config 0 has no interface number 0 [ 188.536798][ T5822] usb 5-1: config 0 interface 227 altsetting 7 endpoint 0x6 has invalid maxpacket 512, setting to 64 [ 188.558761][ T5822] usb 5-1: config 0 interface 227 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 188.578637][ T7841] ALSA: mixer_oss: invalid OSS volume '·' [ 188.585030][ T5822] usb 5-1: config 0 interface 227 altsetting 7 endpoint 0x82 has invalid wMaxPacketSize 0 [ 188.605381][ T5822] usb 5-1: config 0 interface 227 has no altsetting 0 [ 188.623131][ T5822] usb 5-1: New USB device found, idVendor=10f0, idProduct=2002, bcdDevice=58.dd [ 188.632865][ T5822] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 188.648079][ T5822] usb 5-1: Product: syz [ 188.664133][ T5822] usb 5-1: Manufacturer: syz [ 188.664673][ T7840] loop1: detected capacity change from 0 to 4096 [ 188.668791][ T5822] usb 5-1: SerialNumber: syz [ 188.708988][ T5822] usb 5-1: config 0 descriptor?? [ 188.721196][ T7824] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 188.732427][ T5822] usbtouchscreen: probe of 5-1:0.227 failed with error -90 [ 188.765197][ T7840] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 188.796902][ T7840] ntfs3: loop1: Failed to load $Extend (-22). [ 188.804211][ T7840] ntfs3: loop1: Failed to initialize $Extend. [ 188.904388][ T7853] netlink: 56 bytes leftover after parsing attributes in process `syz.0.737'. [ 189.003859][ T8] usb 5-1: USB disconnect, device number 2 [ 189.031434][ T7855] netlink: 8 bytes leftover after parsing attributes in process `syz.2.738'. [ 189.418204][ T7873] loop2: detected capacity change from 0 to 512 [ 189.496335][ T7873] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 189.509351][ T7873] ext4 filesystem being mounted at /189/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 189.584389][ T7880] netlink: 20 bytes leftover after parsing attributes in process `syz.0.748'. [ 189.611314][ T7880] netlink: 20 bytes leftover after parsing attributes in process `syz.0.748'. [ 189.680933][ T7882] loop1: detected capacity change from 0 to 512 [ 189.689051][ T5777] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 189.721144][ T7882] EXT4-fs (loop1): Test dummy encryption mode enabled [ 189.731023][ T7882] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 189.803310][ T7882] EXT4-fs error (device loop1): ext4_find_inline_data_nolock:164: inode #17: comm syz.1.749: inline data xattr refers to an external xattr inode [ 189.842817][ T7890] loop2: detected capacity change from 0 to 1024 [ 189.850531][ T7890] EXT4-fs: Ignoring removed i_version option [ 189.851552][ T7882] EXT4-fs error (device loop1): ext4_orphan_get:1404: comm syz.1.749: couldn't read orphan inode 17 (err -117) [ 189.871328][ T7890] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 189.905801][ T7882] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 189.931456][ T7890] EXT4-fs error (device loop2): ext4_map_blocks:718: inode #3: block 1: comm syz.2.752: lblock 1 mapped to illegal pblock 1 (length 1) [ 189.968629][ T7890] Quota error (device loop2): write_blk: dquota write failed [ 189.997343][ T7890] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 190.022841][ T7890] EXT4-fs error (device loop2): ext4_acquire_dquot:6938: comm syz.2.752: Failed to acquire dquot type 0 [ 190.069857][ T7890] EXT4-fs error (device loop2): ext4_free_blocks:6681: comm syz.2.752: Freeing blocks not in datazone - block = 0, count = 4096 [ 190.114307][ T7890] EXT4-fs error (device loop2): ext4_read_inode_bitmap:140: comm syz.2.752: Invalid inode bitmap blk 0 in block_group 0 [ 190.159583][ T7890] EXT4-fs error (device loop2) in ext4_free_inode:363: Corrupt filesystem [ 190.165527][ T12] EXT4-fs error (device loop2): ext4_map_blocks:608: inode #3: block 1: comm kworker/u4:1: lblock 1 mapped to illegal pblock 1 (length 1) [ 190.175332][ T7890] EXT4-fs (loop2): 1 orphan inode deleted [ 190.195515][ T7890] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 190.213807][ T12] Quota error (device loop2): remove_tree: Can't read quota data block 1 [ 190.226558][ T12] EXT4-fs error (device loop2): ext4_release_dquot:6974: comm kworker/u4:1: Failed to release dquot type 0 [ 190.284671][ T7890] EXT4-fs error (device loop2): ext4_nfs_get_inode:1551: inode #12: comm syz.2.752: iget: bad extra_isize 65535 (inode size 256) [ 190.336390][ T7882] fscrypt: AES-256-XTS using implementation "xts-aes-aesni" [ 190.339069][ T5777] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 190.428626][ T7911] loop2: detected capacity change from 0 to 1024 [ 190.450236][ T5774] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 190.459834][ T7911] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 190.477208][ T7911] ext4 filesystem being mounted at /191/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 190.606721][ T5777] EXT4-fs error (device loop2): ext4_readdir:263: inode #2: block 16: comm syz-executor: path /191/file1: bad entry in directory: rec_len is smaller than minimal - offset=876, inode=0, rec_len=0, size=1024 fake=0 [ 190.658349][ T5777] EXT4-fs error (device loop2): ext4_readdir:263: inode #11: block 37: comm syz-executor: path /191/file1/lost+found: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=0, rec_len=1279, size=1024 fake=0 [ 190.694046][ T5777] EXT4-fs error (device loop2): ext4_empty_dir:3177: inode #11: block 37: comm syz-executor: bad entry in directory: rec_len % 4 != 0 - offset=5120, inode=0, rec_len=1279, size=1024 fake=0 [ 190.726936][ T5777] EXT4-fs error (device loop2): ext4_readdir:263: inode #11: block 37: comm syz-executor: path /191/file1/lost+found: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=0, rec_len=1279, size=1024 fake=0 [ 190.787800][ T5777] EXT4-fs error (device loop2): ext4_empty_dir:3177: inode #11: block 37: comm syz-executor: bad entry in directory: rec_len % 4 != 0 - offset=5120, inode=0, rec_len=1279, size=1024 fake=0 [ 190.856330][ T5777] EXT4-fs error (device loop2): ext4_readdir:263: inode #11: block 37: comm syz-executor: path /191/file1/lost+found: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=0, rec_len=1279, size=1024 fake=0 [ 190.895598][ T5777] EXT4-fs error (device loop2): ext4_empty_dir:3177: inode #11: block 37: comm syz-executor: bad entry in directory: rec_len % 4 != 0 - offset=5120, inode=0, rec_len=1279, size=1024 fake=0 [ 190.941487][ T5777] EXT4-fs error (device loop2): ext4_readdir:263: inode #11: block 37: comm syz-executor: path /191/file1/lost+found: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=0, rec_len=1279, size=1024 fake=0 [ 190.982375][ T5777] EXT4-fs error (device loop2): ext4_empty_dir:3177: inode #11: block 37: comm syz-executor: bad entry in directory: rec_len % 4 != 0 - offset=5120, inode=0, rec_len=1279, size=1024 fake=0 [ 191.035685][ T5777] EXT4-fs error (device loop2): ext4_readdir:263: inode #11: block 37: comm syz-executor: path /191/file1/lost+found: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=0, rec_len=1279, size=1024 fake=0 [ 191.409169][ T7918] loop1: detected capacity change from 0 to 32768 [ 191.418980][ T7918] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop1 scanned by syz.1.761 (7918) [ 191.434433][ T7918] BTRFS info (device loop1): first mount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885 [ 191.445246][ T7918] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 191.454276][ T7918] BTRFS info (device loop1): setting nodatacow, compression disabled [ 191.491764][ T7918] BTRFS info (device loop1): turning on flush-on-commit [ 191.499350][ T7918] BTRFS info (device loop1): using free space tree [ 191.630525][ T7918] BTRFS info (device loop1): enabling ssd optimizations [ 191.652838][ T7918] BTRFS info (device loop1): auto enabling async discard [ 191.700899][ T5777] bridge0: port 3(syz_tun) entered disabled state [ 191.781046][ T7924] loop4: detected capacity change from 0 to 32768 [ 191.791106][ T5777] syz_tun (unregistering): left allmulticast mode [ 191.797593][ T5777] syz_tun (unregistering): left promiscuous mode [ 191.805374][ T5777] bridge0: port 3(syz_tun) entered disabled state [ 191.851915][ T7924] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 191.872714][ T786] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 191.906678][ T5777] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 191.929053][ T5774] BTRFS info (device loop1): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885 [ 192.034958][ T7371] ocfs2: Unmounting device (7,4) on (node local) [ 192.082385][ T786] usb 1-1: too many configurations: 151, using maximum allowed: 8 [ 192.094440][ T1087] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 192.137084][ T786] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 192.160207][ T786] usb 1-1: config 0 has no interfaces? [ 192.210705][ T786] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 192.230824][ T786] usb 1-1: config 0 has no interfaces? [ 192.271572][ T786] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 192.290430][ T786] usb 1-1: config 0 has no interfaces? [ 192.321460][ T786] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 192.346057][ T786] usb 1-1: config 0 has no interfaces? [ 192.371550][ T786] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 192.390193][ T786] usb 1-1: config 0 has no interfaces? [ 192.401048][ T786] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 192.440033][ T786] usb 1-1: config 0 has no interfaces? [ 192.447368][ T786] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 192.480094][ T786] usb 1-1: config 0 has no interfaces? [ 192.488691][ T786] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 192.514857][ T1087] netdevsim netdevsim2 netdevsim2 (unregistering): left allmulticast mode [ 192.520107][ T786] usb 1-1: config 0 has no interfaces? [ 192.546261][ T786] usb 1-1: New USB device found, idVendor=04d8, idProduct=0082, bcdDevice=ce.b7 [ 192.564126][ T1087] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 192.565756][ T786] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=130 [ 192.622757][ T786] usb 1-1: Product: syz [ 192.627102][ T786] usb 1-1: Manufacturer: syz [ 192.650286][ T786] usb 1-1: SerialNumber: syz [ 192.676514][ T786] usb 1-1: config 0 descriptor?? [ 192.771936][ T1087] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 192.947265][ T1087] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 193.104027][ T786] usb 1-1: USB disconnect, device number 5 [ 193.344412][ T5778] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 193.371524][ T5778] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 193.395198][ T7960] loop4: detected capacity change from 0 to 16 [ 193.403728][ T5778] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 193.410485][ T7960] erofs: (device loop4): mounted with root inode @ nid 36. [ 193.419342][ T5778] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 193.430429][ T5778] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 193.438612][ T5778] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 193.493620][ T7948] loop1: detected capacity change from 0 to 32768 [ 193.566124][ T7948] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 193.834352][ T5774] ocfs2: Unmounting device (7,1) on (node local) [ 194.209118][ T7977] netlink: 'syz.0.778': attribute type 15 has an invalid length. [ 194.356177][ T7957] chnl_net:caif_netlink_parms(): no params data found [ 194.422465][ T7984] loop0: detected capacity change from 0 to 1024 [ 194.549507][ T1103] hfsplus: b-tree write err: -5, ino 8 [ 194.665407][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.672455][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.022059][ T7957] bridge0: port 1(bridge_slave_0) entered blocking state [ 195.029570][ T7957] bridge0: port 1(bridge_slave_0) entered disabled state [ 195.056775][ T7957] bridge_slave_0: entered allmulticast mode [ 195.064597][ T7957] bridge_slave_0: entered promiscuous mode [ 195.109885][ T7957] bridge0: port 2(bridge_slave_1) entered blocking state [ 195.134599][ T7957] bridge0: port 2(bridge_slave_1) entered disabled state [ 195.155863][ T7957] bridge_slave_1: entered allmulticast mode [ 195.179014][ T7957] bridge_slave_1: entered promiscuous mode [ 195.378709][ T1087] hsr_slave_0: left promiscuous mode [ 195.390885][ T1087] hsr_slave_1: left promiscuous mode [ 195.405039][ T8014] netlink: 428 bytes leftover after parsing attributes in process `syz.1.794'. [ 195.419799][ T1087] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 195.427612][ T1087] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 195.444626][ T1087] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 195.458489][ T1087] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 195.479277][ T1087] bridge_slave_1: left allmulticast mode [ 195.485696][ T1087] bridge_slave_1: left promiscuous mode [ 195.499766][ T1087] bridge0: port 2(bridge_slave_1) entered disabled state [ 195.513238][ T1087] bridge_slave_0: left allmulticast mode [ 195.518978][ T1087] bridge_slave_0: left promiscuous mode [ 195.525081][ T1087] bridge0: port 1(bridge_slave_0) entered disabled state [ 195.540477][ T5787] Bluetooth: hci2: command tx timeout [ 195.581480][ T1087] veth1_to_batadv: left promiscuous mode [ 195.591515][ T1087] veth1_macvtap: left promiscuous mode [ 195.597153][ T1087] veth0_macvtap: left promiscuous mode [ 195.603138][ T1087] veth1_vlan: left promiscuous mode [ 195.609279][ T1087] veth0_vlan: left promiscuous mode [ 195.836238][ T1087] pimreg (unregistering): left allmulticast mode [ 196.554386][ T1087] team0 (unregistering): Port device team_slave_1 removed [ 196.625996][ T1087] team0 (unregistering): Port device team_slave_0 removed [ 196.689470][ T1087] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 196.751478][ T1087] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 197.105409][ T8026] slcan: can't register candev [ 197.128255][ T8026] Falling back ldisc for ttyS3. [ 197.483894][ T786] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 197.556157][ T1087] bond0 (unregistering): Released all slaves [ 197.620343][ T5787] Bluetooth: hci2: command tx timeout [ 197.666717][ T7957] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 197.677169][ T8014] netlink: 104 bytes leftover after parsing attributes in process `syz.1.794'. [ 197.684502][ T7957] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 197.715308][ T786] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 197.760078][ T786] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 197.777914][ T786] usb 5-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 197.788534][ T786] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 197.799300][ T786] usb 5-1: config 0 descriptor?? [ 197.859445][ T7957] team0: Port device team_slave_0 added [ 197.885135][ T7957] team0: Port device team_slave_1 added [ 198.035082][ T7957] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 198.047930][ T7957] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 198.091867][ T8038] loop1: detected capacity change from 0 to 256 [ 198.106195][ T7957] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 198.156624][ T28] audit: type=1800 audit(1751312124.658:22): pid=8038 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.805" name="file1" dev="loop1" ino=1048614 res=0 errno=0 [ 198.180234][ T7957] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 198.190231][ T7957] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 198.234337][ T7957] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 198.238778][ T28] audit: type=1800 audit(1751312124.728:23): pid=8038 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.805" name="file1" dev="loop1" ino=1048614 res=0 errno=0 [ 198.265998][ T8040] netlink: 15999 bytes leftover after parsing attributes in process `syz.0.806'. [ 198.278723][ T786] isku 0003:1E7D:319C.0004: unknown main item tag 0x0 [ 198.300204][ T786] isku 0003:1E7D:319C.0004: unknown main item tag 0x0 [ 198.308767][ T8041] FAT-fs (loop1): error, corrupted file size (i_pos 196, 2097152) [ 198.346878][ T786] isku 0003:1E7D:319C.0004: hidraw0: USB HID v0.00 Device [HID 1e7d:319c] on usb-dummy_hcd.4-1/input0 [ 198.369407][ T8041] FAT-fs (loop1): error, corrupted file size (i_pos 196, 2097152) [ 198.389147][ T7957] hsr_slave_0: entered promiscuous mode [ 198.408328][ T7957] hsr_slave_1: entered promiscuous mode [ 198.421480][ T7957] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 198.429362][ T7957] Cannot create hsr debugfs directory [ 198.712854][ T7957] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 198.725435][ T7957] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 198.738800][ T7957] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 198.746096][ T5823] usb 1-1: new full-speed USB device number 6 using dummy_hcd [ 198.766847][ T7957] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 198.778296][ T5830] usb 5-1: USB disconnect, device number 3 [ 198.907986][ T7957] 8021q: adding VLAN 0 to HW filter on device bond0 [ 198.934054][ T7957] 8021q: adding VLAN 0 to HW filter on device team0 [ 198.944286][ T5823] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 198.961746][ T1087] bridge0: port 1(bridge_slave_0) entered blocking state [ 198.962966][ T5823] usb 1-1: New USB device found, idVendor=057e, idProduct=200e, bcdDevice= 0.00 [ 198.969069][ T1087] bridge0: port 1(bridge_slave_0) entered forwarding state [ 198.983662][ T5823] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 199.001288][ T1087] bridge0: port 2(bridge_slave_1) entered blocking state [ 199.010820][ T1087] bridge0: port 2(bridge_slave_1) entered forwarding state [ 199.041355][ T5823] usb 1-1: config 0 descriptor?? [ 199.050287][ T786] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 199.260728][ T786] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 199.269046][ T786] usb 2-1: config 0 has no interface number 0 [ 199.282095][ T786] usb 2-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 199.292983][ T786] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 199.301364][ T786] usb 2-1: Product: syz [ 199.305591][ T786] usb 2-1: Manufacturer: syz [ 199.312011][ T786] usb 2-1: SerialNumber: syz [ 199.319483][ T786] usb 2-1: config 0 descriptor?? [ 199.399099][ T7957] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 199.488088][ T5823] nintendo 0003:057E:200E.0005: unbalanced delimiter at end of report description [ 199.521023][ T5823] nintendo 0003:057E:200E.0005: HID parse failed [ 199.549552][ T786] usb 2-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 199.573815][ T5823] nintendo 0003:057E:200E.0005: probe - fail = -22 [ 199.582765][ T786] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 199.598485][ T5823] nintendo: probe of 0003:057E:200E.0005 failed with error -22 [ 199.604904][ T786] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 199.630582][ T786] usb 2-1: media controller created [ 199.682329][ T786] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 199.701966][ T5787] Bluetooth: hci2: command tx timeout [ 199.748902][ T5823] usb 1-1: USB disconnect, device number 6 [ 199.934581][ T7957] veth0_vlan: entered promiscuous mode [ 199.959184][ T7957] veth1_vlan: entered promiscuous mode [ 200.037453][ T7957] veth0_macvtap: entered promiscuous mode [ 200.057796][ T7957] veth1_macvtap: entered promiscuous mode [ 200.101742][ T7957] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 200.118366][ T7957] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 200.129346][ T7957] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 200.146608][ T7957] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 200.158317][ T7957] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 200.169397][ T7957] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 200.182518][ T7957] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 200.220890][ T7957] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 200.236228][ T8078] loop4: detected capacity change from 0 to 2048 [ 200.238759][ T7957] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 200.256069][ T7957] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 200.267891][ T7957] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 200.279050][ T8078] hpfs: filesystem error: invalid number of hotfixes: 266, used: 2; already mounted read-only [ 200.290728][ T7957] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 200.302076][ T8078] hpfs: filesystem error: improperly stopped [ 200.308176][ T8078] hpfs: filesystem error: sector(s) 'dir_band' badly placed at 7b318cc2 [ 200.317217][ T7957] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 200.337737][ T7957] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 200.424020][ T7957] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 200.441385][ T7957] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 200.451880][ T7957] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 200.470448][ T7957] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 200.481022][ T8080] loop0: detected capacity change from 0 to 1024 [ 200.558004][ T8080] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 200.607318][ T8080] ext4 filesystem being mounted at /195/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 200.731216][ T28] audit: type=1800 audit(1751312127.228:24): pid=8080 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.817" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 200.768772][ T1087] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 200.789086][ T1087] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 200.820415][ T786] i2c i2c-1: ec100: i2c rd failed=-110 reg=33 [ 200.835268][ T1079] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 200.850818][ T1079] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 200.923916][ T786] usb 2-1: USB disconnect, device number 9 [ 200.937072][ T8089] loop4: detected capacity change from 0 to 1024 [ 200.968758][ T5775] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 200.975486][ T8089] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 201.279532][ T8095] loop0: detected capacity change from 0 to 4096 [ 201.280988][ T8099] PKCS8: Unsupported PKCS#8 version [ 201.293684][ T8095] ntfs3: loop0: Different NTFS sector size (1024) and media sector size (512). [ 201.359193][ T8095] ntfs3: loop0: ino=1e, "file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" failed to parse mft record [ 201.399410][ T8095] ntfs3: loop0: ino=1e, "file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" failed to parse mft record [ 201.484458][ T1079] ntfs3: loop0: ino=1e, failed to parse mft record [ 201.740292][ T8108] wireguard0: entered promiscuous mode [ 201.771132][ T8108] wireguard0: entered allmulticast mode [ 201.780269][ T5787] Bluetooth: hci2: command tx timeout [ 201.928899][ T8115] loop5: detected capacity change from 0 to 4096 [ 201.938476][ T8115] ntfs: (device loop5): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 202.022889][ T8115] ntfs: volume version 3.1. [ 202.133427][ T8102] loop4: detected capacity change from 0 to 32768 [ 202.202957][ T28] audit: type=1800 audit(1751312128.708:25): pid=8102 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.825" name="file1" dev="loop4" ino=7 res=0 errno=0 [ 202.586549][ T8132] netlink: 'syz.5.839': attribute type 2 has an invalid length. [ 202.599410][ T8132] netlink: 28 bytes leftover after parsing attributes in process `syz.5.839'. [ 202.853617][ T8140] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 202.876069][ T8140] iommufd_mock iommufd_mock2: Adding to iommu group 1 [ 202.992794][ T5845] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 203.009899][ T8142] loop1: detected capacity change from 0 to 2048 [ 203.035398][ T8142] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 203.136119][ T8136] loop5: detected capacity change from 0 to 32768 [ 203.159659][ T8136] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 scanned by syz.5.840 (8136) [ 203.173052][ T5774] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 203.204347][ T8136] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 203.215532][ T5845] usb 5-1: Using ep0 maxpacket: 16 [ 203.230383][ T8136] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm [ 203.239289][ T8136] BTRFS info (device loop5): force clearing of disk cache [ 203.242216][ T5845] usb 5-1: config 0 has an invalid interface number: 8 but max is 0 [ 203.270326][ T8136] BTRFS info (device loop5): setting nodatacow, compression disabled [ 203.280666][ T5845] usb 5-1: config 0 has no interface number 0 [ 203.298958][ T8136] BTRFS info (device loop5): turning off barriers [ 203.301046][ T5845] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 203.309111][ T8136] BTRFS info (device loop5): enabling auto defrag [ 203.334343][ T8136] BTRFS info (device loop5): turning on sync discard [ 203.341082][ T5845] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 203.343442][ T5845] usb 5-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 203.358146][ T8136] BTRFS warning (device loop5): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 203.369494][ T5845] usb 5-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 203.376008][ T8136] BTRFS info (device loop5): trying to use backup root at mount time [ 203.379833][ T5845] usb 5-1: Product: syz [ 203.398657][ T8136] BTRFS info (device loop5): enabling ssd optimizations [ 203.400948][ T5845] usb 5-1: SerialNumber: syz [ 203.406273][ T8136] BTRFS info (device loop5): using spread ssd allocation scheme [ 203.420420][ T8136] BTRFS info (device loop5): using free space tree [ 203.429530][ T5845] usb 5-1: config 0 descriptor?? [ 203.449603][ T5845] cm109 5-1:0.8: invalid payload size 0, expected 4 [ 203.459392][ T5845] input: CM109 USB driver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.8/input/input13 [ 203.485235][ T1103] BTRFS warning (device loop5): checksum verify failed on logical 5332992 mirror 1 wanted 0x0a5e5d25 found 0xb6fb6650 level 0 [ 203.514937][ T8136] BTRFS warning (device loop5): couldn't read tree root [ 203.522651][ T8136] BTRFS warning (device loop5): try to load backup roots slot 1 [ 203.533136][ T1103] BTRFS warning (device loop5): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x7a216cc0 level 0 [ 203.549849][ T8136] BTRFS warning (device loop5): couldn't read tree root [ 203.574818][ T8136] BTRFS warning (device loop5): try to load backup roots slot 2 [ 203.583172][ T1103] BTRFS error (device loop5): level verify failed on logical 5255168 mirror 1 wanted 0 found 1 [ 203.599649][ T8136] BTRFS warning (device loop5): couldn't read tree root [ 203.608159][ T5822] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 203.616277][ T8168] loop1: detected capacity change from 0 to 64 [ 203.625643][ T8136] BTRFS warning (device loop5): try to load backup roots slot 3 [ 203.636541][ T8168] BFS-fs: bfs_fill_super(): loop1 is unclean, continuing [ 203.649527][ T8136] BTRFS info (device loop5): rebuilding free space tree [ 203.706675][ T8136] BTRFS info (device loop5): checking UUID tree [ 203.802549][ T5822] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 203.802589][ T5822] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 203.802633][ T5822] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 203.802658][ T5822] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 203.806343][ T8149] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 203.810539][ T5822] usb 1-1: Quirk or no altest; falling back to MIDI 1.0 [ 203.991298][ T7957] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 204.175708][ C1] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 204.185943][ C1] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 204.193442][ C1] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 204.200977][ C1] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 204.208481][ C1] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 204.215850][ C1] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 204.222955][ T5822] usb 1-1: USB disconnect, device number 7 [ 204.223096][ C1] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 204.240283][ C1] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 204.247618][ C1] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 204.255116][ C1] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 204.263001][ T968] usb 5-1: USB disconnect, device number 4 [ 204.268914][ C1] cm109 5-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 204.316546][ T968] cm109 5-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 204.347030][ T5787] Bluetooth: hci2: command tx timeout [ 204.647493][ T8183] netlink: 20 bytes leftover after parsing attributes in process `syz.5.855'. [ 205.304050][ T8206] loop5: detected capacity change from 0 to 1764 [ 205.651055][ T8218] loop4: detected capacity change from 0 to 4096 [ 205.670056][ T8218] ntfs3: loop4: Different NTFS sector size (2048) and media sector size (512). [ 205.759333][ T8224] loop1: detected capacity change from 0 to 512 [ 205.776620][ T8224] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 205.800222][ T8224] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec018, mo2=0002] [ 205.826004][ T8224] System zones: 1-12 [ 205.840393][ T8224] EXT4-fs (loop1): orphan cleanup on readonly fs [ 205.866666][ T8224] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2867: Unable to expand inode 11. Delete some EAs or run e2fsck. [ 205.900282][ T8224] EXT4-fs (loop1): 1 truncate cleaned up [ 205.908074][ T8224] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 206.013172][ T5774] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 206.236412][ T8235] loop4: detected capacity change from 0 to 1024 [ 206.266349][ T8235] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 206.276889][ T8220] loop5: detected capacity change from 0 to 32768 [ 206.313071][ T8235] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 206.336362][ T8220] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode. [ 206.412122][ T8235] EXT4-fs error (device loop4): ext4_xattr_block_find:1886: inode #15: comm syz.4.880: corrupted xattr block 161: invalid header [ 206.430437][ T5822] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 206.453098][ T8235] EXT4-fs (loop4): Remounting filesystem read-only [ 206.513983][ T7957] (syz-executor,7957,1):ocfs2_inode_is_valid_to_delete:872 ERROR: Skipping delete of system file 72 [ 206.543768][ T7371] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 206.576004][ T7957] ocfs2: Unmounting device (7,5) on (node local) [ 206.610883][ T5822] usb 2-1: Using ep0 maxpacket: 16 [ 206.642504][ T5822] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 2.00 [ 206.660186][ T5822] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 206.681469][ T5822] usb 2-1: config 0 descriptor?? [ 206.691924][ T5822] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected [ 206.898137][ T5822] usb 2-1: Detected FT232B [ 206.932855][ T8240] loop0: detected capacity change from 0 to 40427 [ 206.942050][ T8240] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 206.949928][ T8240] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 206.962727][ T8240] F2FS-fs (loop0): invalid crc value [ 206.974556][ T8240] F2FS-fs (loop0): Found nat_bits in checkpoint [ 206.992556][ T5787] Bluetooth: hci0: command 0x0406 tx timeout [ 207.065487][ T8240] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 207.075526][ T8240] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 207.104618][ T5822] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 207.125594][ T5822] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 207.200734][ T8240] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 207.208903][ T8240] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 207.217770][ T8240] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 207.227576][ T8240] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 207.235307][ T8240] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 207.243270][ T8240] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 207.250933][ T8240] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 207.360533][ T8] usb 2-1: USB disconnect, device number 10 [ 207.385985][ T8] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 207.413338][ T8] ftdi_sio 2-1:0.0: device disconnected [ 207.451743][ T8252] loop5: detected capacity change from 0 to 32768 [ 207.498246][ T8252] JBD2: Ignoring recovery information on journal [ 207.579111][ T8252] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode. [ 207.708947][ T8259] 9p: Unknown uid 00000000004294967295 [ 207.892002][ T7957] ocfs2: Unmounting device (7,5) on (node local) [ 208.022111][ T8265] 9pnet: p9_errstr2errno: server reported unknown error [ 208.226958][ T8271] loop1: detected capacity change from 0 to 128 [ 208.295164][ T8271] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 208.338298][ T8271] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 208.396681][ T8273] loop0: detected capacity change from 0 to 4096 [ 208.426073][ T8273] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [ 208.574619][ T8278] input: syz1 as /devices/virtual/input/input14 [ 208.767714][ T8261] loop4: detected capacity change from 0 to 40427 [ 208.795436][ T8261] F2FS-fs (loop4): invalid crc value [ 208.825892][ T8261] F2FS-fs (loop4): Found nat_bits in checkpoint [ 208.832378][ T8285] loop5: detected capacity change from 0 to 2048 [ 208.846375][ T8285] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 208.870048][ T8285] UDF-fs: Scanning with blocksize 512 failed [ 208.900035][ T8285] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 208.910477][ T8261] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 209.023280][ T7371] syz-executor: attempt to access beyond end of device [ 209.023280][ T7371] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 209.045065][ T7371] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 209.100322][ T8] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 209.286336][ T8] usb 1-1: Using ep0 maxpacket: 16 [ 209.316228][ T8] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 209.334884][ T8] usb 1-1: config 0 has no interface number 0 [ 209.350125][ T8] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 209.373553][ T8] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 209.390087][ T8] usb 1-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00 [ 209.409450][ T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 209.440952][ T8] usb 1-1: config 0 descriptor?? [ 209.865188][ T8] hid (null): invalid report_count 1405183649 [ 210.079634][ T8] input: HID 28bd:0071 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.1/0003:28BD:0071.0006/input/input15 [ 210.209936][ T8] input: HID 28bd:0071 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.1/0003:28BD:0071.0006/input/input16 [ 210.255795][ T8] uclogic 0003:28BD:0071.0006: input,hidraw0: USB HID v0.02 Keypad [HID 28bd:0071] on usb-dummy_hcd.0-1/input1 [ 210.280665][ T8318] loop1: detected capacity change from 0 to 2048 [ 210.304362][ T8] usb 1-1: USB disconnect, device number 8 [ 210.316932][ T8318] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 210.550614][ T8323] loop5: detected capacity change from 0 to 2048 [ 210.561530][ T8323] UDF-fs: error (device loop5): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 210.573699][ T8323] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 210.582349][ T8323] UDF-fs: Scanning with blocksize 512 failed [ 210.599006][ T8323] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 210.748886][ T8325] loop1: detected capacity change from 0 to 4096 [ 210.757464][ T8325] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512). [ 210.827951][ T8325] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 210.845074][ T8325] ntfs3: loop1: Failed to initialize $Extend/$ObjId. [ 211.206009][ T8331] loop5: detected capacity change from 0 to 4096 [ 211.239369][ T8331] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 211.379004][ T8330] EXT4-fs error (device loop5): ext4_do_update_inode:5230: inode #15: comm syz.5.919: corrupted inode contents [ 211.432690][ T8330] EXT4-fs error (device loop5): ext4_dirty_inode:6106: inode #15: comm syz.5.919: mark_inode_dirty error [ 211.465271][ T8330] EXT4-fs error (device loop5): ext4_do_update_inode:5230: inode #15: comm syz.5.919: corrupted inode contents [ 211.498337][ T8330] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #15: comm syz.5.919: mark_inode_dirty error [ 211.549030][ T8330] EXT4-fs error (device loop5): ext4_do_update_inode:5230: inode #15: comm syz.5.919: corrupted inode contents [ 211.590121][ T8330] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #15: comm syz.5.919: mark_inode_dirty error [ 211.615191][ T8330] EXT4-fs error (device loop5): ext4_do_update_inode:5230: inode #15: comm syz.5.919: corrupted inode contents [ 211.659905][ T8330] EXT4-fs error (device loop5): ext4_truncate:4288: inode #15: comm syz.5.919: mark_inode_dirty error [ 211.688500][ T8330] EXT4-fs error (device loop5): ext4_evict_inode:263: comm syz.5.919: couldn't truncate inode 15 (err -117) [ 211.768881][ T8359] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 211.793050][ T7957] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 212.003571][ T8364] netdevsim netdevsim0: Direct firmware load for ö×0”©ÛPq•ä…õD"€2ðNÿktT·Wj«³%¼Nµ§ failed with error -2 [ 212.016162][ T8364] netdevsim netdevsim0: Falling back to sysfs fallback for: ö×0”©ÛPq•ä…õD"€2ðNÿktT·Wj«³%¼Nµ§ [ 212.384222][ T28] audit: type=1326 audit(1751312138.888:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8373 comm="syz.5.937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb30b18e929 code=0x7ffc0000 [ 212.408266][ T8376] loop1: detected capacity change from 0 to 256 [ 212.438570][ T28] audit: type=1326 audit(1751312138.888:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8373 comm="syz.5.937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb30b18e929 code=0x7ffc0000 [ 212.483498][ T28] audit: type=1326 audit(1751312138.918:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8373 comm="syz.5.937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=27 compat=0 ip=0x7fb30b18e929 code=0x7ffc0000 [ 212.531290][ T28] audit: type=1326 audit(1751312138.918:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8373 comm="syz.5.937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb30b18e929 code=0x7ffc0000 [ 212.578420][ T28] audit: type=1326 audit(1751312138.918:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8373 comm="syz.5.937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb30b18e929 code=0x7ffc0000 [ 212.845190][ T8387] cifs: Unknown parameter 'f,' [ 213.224585][ T968] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 213.420211][ T968] usb 2-1: Using ep0 maxpacket: 16 [ 213.442308][ T968] usb 2-1: config 0 interface 0 has no altsetting 0 [ 213.459413][ T968] usb 2-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 213.479089][ T968] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 213.505638][ T968] usb 2-1: config 0 descriptor?? [ 213.622518][ T8414] loop4: detected capacity change from 0 to 512 [ 213.630881][ T8414] EXT4-fs: Ignoring removed bh option [ 213.658473][ T8414] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem [ 213.685218][ T8414] EXT4-fs (loop4): invalid journal inode [ 213.693024][ T8414] EXT4-fs (loop4): can't get journal size [ 213.736298][ T8414] EXT4-fs (loop4): 1 truncate cleaned up [ 213.761878][ T8421] netem: unknown loss type 0 [ 213.767502][ T8421] netem: change failed [ 213.770262][ T8414] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 213.883609][ T8414] ERROR: device name not specified. [ 213.971607][ T968] hid (null): global environment stack overflow [ 213.987673][ T968] hid (null): invalid report_size 18151 [ 214.000666][ T968] hid (null): global environment stack overflow [ 214.002961][ T7371] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 214.178665][ T786] usb 2-1: USB disconnect, device number 11 [ 214.375010][ T8433] loop0: detected capacity change from 0 to 512 [ 214.383105][ T8433] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 214.390207][ T968] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 214.408203][ T8433] EXT4-fs (loop0): 1 truncate cleaned up [ 214.416171][ T8433] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 214.450207][ T5823] usb 6-1: new full-speed USB device number 2 using dummy_hcd [ 214.464039][ T5775] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 214.592805][ T968] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 214.603895][ T968] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 214.613734][ T968] usb 5-1: New USB device found, idVendor=05ac, idProduct=0262, bcdDevice= 0.00 [ 214.622881][ T968] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 214.633418][ T968] usb 5-1: config 0 descriptor?? [ 214.653556][ T5823] usb 6-1: unable to get BOS descriptor or descriptor too short [ 214.665378][ T5823] usb 6-1: no configurations [ 214.671356][ T5823] usb 6-1: can't read configurations, error -22 [ 214.790455][ T8] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 214.990041][ T8] usb 1-1: Using ep0 maxpacket: 32 [ 215.002876][ T8] usb 1-1: config 0 has an invalid interface number: 85 but max is 0 [ 215.011273][ T8] usb 1-1: config 0 has no interface number 0 [ 215.017436][ T8] usb 1-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 215.028502][ T8] usb 1-1: config 0 interface 85 has no altsetting 0 [ 215.044301][ T8] usb 1-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 215.054424][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 215.063638][ T8] usb 1-1: Product: syz [ 215.064508][ T968] apple 0003:05AC:0262.0008: unbalanced delimiter at end of report description [ 215.067833][ T8] usb 1-1: Manufacturer: syz [ 215.081605][ T8] usb 1-1: SerialNumber: syz [ 215.088861][ T8] usb 1-1: config 0 descriptor?? [ 215.098670][ T968] apple 0003:05AC:0262.0008: parse failed [ 215.112985][ T968] apple: probe of 0003:05AC:0262.0008 failed with error -22 [ 215.165025][ T8439] loop1: detected capacity change from 0 to 32768 [ 215.181177][ T8439] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.967 (8439) [ 215.202238][ T8439] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 215.217828][ T8439] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 215.235617][ T8439] BTRFS info (device loop1): force clearing of disk cache [ 215.243117][ T8439] BTRFS info (device loop1): setting nodatacow, compression disabled [ 215.255704][ T8439] BTRFS info (device loop1): turning off barriers [ 215.262370][ T8439] BTRFS info (device loop1): enabling auto defrag [ 215.274367][ T8439] BTRFS info (device loop1): turning on sync discard [ 215.281352][ T8439] BTRFS warning (device loop1): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 215.297195][ T8439] BTRFS info (device loop1): trying to use backup root at mount time [ 215.309823][ T8439] BTRFS info (device loop1): enabling ssd optimizations [ 215.321333][ T8439] BTRFS info (device loop1): using spread ssd allocation scheme [ 215.329082][ T8439] BTRFS info (device loop1): using free space tree [ 215.336178][ T5822] usb 5-1: USB disconnect, device number 5 [ 215.375209][ T1087] BTRFS warning (device loop1): checksum verify failed on logical 5332992 mirror 1 wanted 0x0a5e5d25 found 0xb6fb6650 level 0 [ 215.394138][ T8439] BTRFS warning (device loop1): couldn't read tree root [ 215.401580][ T8439] BTRFS warning (device loop1): try to load backup roots slot 1 [ 215.413231][ T1087] BTRFS warning (device loop1): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x7a216cc0 level 0 [ 215.428195][ T8439] BTRFS warning (device loop1): couldn't read tree root [ 215.441500][ T8439] BTRFS warning (device loop1): try to load backup roots slot 2 [ 215.449766][ T12] BTRFS error (device loop1): level verify failed on logical 5255168 mirror 1 wanted 0 found 1 [ 215.466723][ T8439] BTRFS warning (device loop1): couldn't read tree root [ 215.474349][ T8439] BTRFS warning (device loop1): try to load backup roots slot 3 [ 215.499512][ T8439] BTRFS info (device loop1): rebuilding free space tree [ 215.549745][ T8439] BTRFS info (device loop1): checking UUID tree [ 215.647269][ T5774] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 215.788081][ T8] appletouch 1-1:0.85: Geyser mode initialized. [ 215.805550][ T8] input: appletouch as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.85/input/input17 [ 216.044534][ T968] usb 1-1: USB disconnect, device number 9 [ 216.056511][ T8470] netlink: 8 bytes leftover after parsing attributes in process `syz.4.974'. [ 216.140240][ T968] appletouch 1-1:0.85: input: appletouch disconnected [ 216.552959][ T8484] kvm: kvm [8483]: vcpu2, guest rIP: 0xfff0 Unhandled RDMSR(0x40000061) [ 216.590516][ T8] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 216.698699][ T8476] loop1: detected capacity change from 0 to 40427 [ 216.707085][ T8476] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 216.716394][ T8476] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 216.741816][ T8476] F2FS-fs (loop1): invalid crc value [ 216.776324][ T8476] F2FS-fs (loop1): Found nat_bits in checkpoint [ 216.794877][ T8] usb 6-1: config 220 has an invalid interface number: 76 but max is 2 [ 216.804325][ T8] usb 6-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 216.817865][ T8] usb 6-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 216.835625][ T8] usb 6-1: config 220 has no interface number 2 [ 216.850079][ T8] usb 6-1: config 220 interface 1 altsetting 5 bulk endpoint 0x1 has invalid maxpacket 16 [ 216.865215][ T8] usb 6-1: config 220 interface 1 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 12 [ 216.878894][ T8] usb 6-1: config 220 interface 0 has no altsetting 0 [ 216.889666][ T8] usb 6-1: config 220 interface 76 has no altsetting 0 [ 216.892411][ T8476] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 216.897011][ T8] usb 6-1: config 220 interface 1 has no altsetting 0 [ 216.918717][ T8476] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 216.922275][ T8] usb 6-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 216.939779][ T8] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 216.949630][ T8] usb 6-1: Product: syz [ 216.954274][ T8] usb 6-1: Manufacturer: syz [ 216.958911][ T8] usb 6-1: SerialNumber: syz [ 217.012100][ T8476] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 217.019838][ T8476] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 217.027816][ T8476] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 217.035680][ T8476] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 217.043444][ T8476] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 217.051131][ T8476] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 217.058827][ T8476] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 217.200216][ T8] uvcvideo 6-1:220.1: Unknown video format 00000000-0000-0000-0000-000000000000 [ 217.219813][ T8] usb 6-1: Found UVC 7.01 device syz (8086:0b07) [ 217.239854][ T8] usb 6-1: No valid video chain found. [ 217.245727][ T8] usb 6-1: selecting invalid altsetting 0 [ 217.272657][ T8] usb 6-1: selecting invalid altsetting 0 [ 217.282909][ T8] usbtest: probe of 6-1:220.1 failed with error -22 [ 217.312225][ T8] usb 6-1: USB disconnect, device number 4 [ 217.412130][ T8503] loop4: detected capacity change from 0 to 64 [ 217.783649][ T5778] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 217.794274][ T5778] Bluetooth: hci2: Injecting HCI hardware error event [ 217.806054][ T5787] Bluetooth: hci2: hardware error 0x00 [ 218.036046][ T8519] bridge0: entered promiscuous mode [ 218.137373][ T8] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 218.261783][ T8534] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1001'. [ 218.330667][ T8] usb 6-1: Using ep0 maxpacket: 32 [ 218.342644][ T8] usb 6-1: config 0 interface 0 altsetting 74 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 218.364219][ T8] usb 6-1: config 0 interface 0 altsetting 74 endpoint 0x81 has invalid wMaxPacketSize 0 [ 218.384649][ T8] usb 6-1: config 0 interface 0 has no altsetting 0 [ 218.400082][ T8] usb 6-1: New USB device found, idVendor=18b1, idProduct=0037, bcdDevice= 0.00 [ 218.419557][ T8] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 218.441083][ T8] usb 6-1: config 0 descriptor?? [ 218.832034][ T8532] loop1: detected capacity change from 0 to 40427 [ 218.841175][ T8532] F2FS-fs (loop1): Insane cp_payload (553648128 >= 504) [ 218.848263][ T8532] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 218.857370][ T8532] F2FS-fs (loop1): heap/no_heap options were deprecated [ 218.868639][ T8] petalynx 0003:18B1:0037.0009: unknown main item tag 0x0 [ 218.876469][ T8] petalynx 0003:18B1:0037.0009: unknown main item tag 0x0 [ 218.886323][ T8] petalynx 0003:18B1:0037.0009: item fetching failed at offset 2/3 [ 218.896587][ T8] petalynx 0003:18B1:0037.0009: parse failed [ 218.903462][ T8] petalynx: probe of 0003:18B1:0037.0009 failed with error -22 [ 218.911295][ T8532] F2FS-fs (loop1): invalid crc value [ 218.926351][ T8532] F2FS-fs (loop1): Found nat_bits in checkpoint [ 218.930167][ T5779] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 218.947238][ T8542] loop0: detected capacity change from 0 to 4096 [ 218.956922][ T8542] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 218.988889][ T8532] F2FS-fs (loop1): Start checkpoint disabled! [ 219.003007][ T8532] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 219.004295][ T8542] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 219.010324][ T8532] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 219.031273][ T8542] ntfs3: loop0: Failed to initialize $Extend/$ObjId. [ 219.118607][ T8] usb 6-1: USB disconnect, device number 5 [ 219.130254][ T5779] usb 5-1: Using ep0 maxpacket: 16 [ 219.148734][ T5779] usb 5-1: config 0 interface 0 altsetting 8 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 219.170104][ T5779] usb 5-1: config 0 interface 0 altsetting 8 endpoint 0x81 has invalid wMaxPacketSize 0 [ 219.197921][ T5779] usb 5-1: config 0 interface 0 has no altsetting 0 [ 219.210254][ T5779] usb 5-1: New USB device found, idVendor=17ef, idProduct=6009, bcdDevice= 0.00 [ 219.229699][ T5779] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 219.240821][ T5779] usb 5-1: config 0 descriptor?? [ 219.243086][ T59] kworker/u4:4: attempt to access beyond end of device [ 219.243086][ T59] loop1: rw=2049, sector=40960, nr_sectors = 24 limit=40427 [ 219.267284][ T59] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 219.276503][ T59] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 219.284811][ T59] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 219.679767][ T5779] lenovo 0003:17EF:6009.000A: unknown main item tag 0x0 [ 219.708385][ T5779] lenovo 0003:17EF:6009.000A: unknown main item tag 0x0 [ 219.720463][ T5779] lenovo 0003:17EF:6009.000A: unknown main item tag 0x0 [ 219.727891][ T5779] lenovo 0003:17EF:6009.000A: unknown main item tag 0x0 [ 219.737772][ T5779] lenovo 0003:17EF:6009.000A: hidraw0: USB HID v0.00 Device [HID 17ef:6009] on usb-dummy_hcd.4-1/input0 [ 219.796605][ T8556] netlink: 'syz.1.1010': attribute type 12 has an invalid length. [ 219.805181][ T8556] netlink: 'syz.1.1010': attribute type 29 has an invalid length. [ 219.815312][ T8556] netlink: 148 bytes leftover after parsing attributes in process `syz.1.1010'. [ 219.862103][ T5787] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 219.926058][ T5822] usb 5-1: USB disconnect, device number 6 [ 219.999295][ T8564] loop1: detected capacity change from 0 to 512 [ 220.002172][ T8562] loop0: detected capacity change from 0 to 2048 [ 220.021759][ T8562] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found [ 220.029845][ T8562] UDF-fs: Scanning with blocksize 512 failed [ 220.045429][ T8562] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 220.049053][ T8564] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 220.095467][ T8564] ext4 filesystem being mounted at /270/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 220.155101][ T8564] EXT4-fs error (device loop1): ext4_do_update_inode:5230: inode #2: comm syz.1.1013: corrupted inode contents [ 220.175762][ T8564] EXT4-fs error (device loop1): ext4_dirty_inode:6106: inode #2: comm syz.1.1013: mark_inode_dirty error [ 220.209881][ T8564] EXT4-fs error (device loop1): ext4_do_update_inode:5230: inode #2: comm syz.1.1013: corrupted inode contents [ 220.247047][ T8571] EXT4-fs error (device loop1): ext4_do_update_inode:5230: inode #2: comm syz.1.1013: corrupted inode contents [ 220.368919][ T5774] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 220.434467][ T8573] vivid-007: ================= START STATUS ================= [ 220.453753][ T8573] vivid-007: Enable Output Cropping: true [ 220.470180][ T8573] vivid-007: Enable Output Composing: true [ 220.476228][ T8573] vivid-007: Enable Output Scaler: true [ 220.486428][ T8573] vivid-007: Tx RGB Quantization Range: Automatic [ 220.503761][ T8573] vivid-007: Transmit Mode: HDMI [ 220.517760][ T8573] vivid-007: Display Present: true inactive [ 220.531621][ T8573] vivid-007: Hotplug Present: 0x00000001 [ 220.531983][ T8575] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1017'. [ 220.537489][ T8573] vivid-007: RxSense Present: 0x00000001 [ 220.562466][ T8573] vivid-007: EDID Present: 0x00000001 [ 220.567055][ T8575] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1017'. [ 220.584720][ T8573] vivid-007: ================== END STATUS ================== [ 220.895247][ T28] audit: type=1326 audit(1751312147.398:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8589 comm="syz.0.1023" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdca358e929 code=0x7ffc0000 [ 220.949758][ T28] audit: type=1326 audit(1751312147.398:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8589 comm="syz.0.1023" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdca358e929 code=0x7ffc0000 [ 221.005503][ T28] audit: type=1326 audit(1751312147.438:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8589 comm="syz.0.1023" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdca358e929 code=0x7ffc0000 [ 221.090087][ T28] audit: type=1326 audit(1751312147.438:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8589 comm="syz.0.1023" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdca358e929 code=0x7ffc0000 [ 221.143153][ T8596] loop0: detected capacity change from 0 to 1024 [ 221.149739][ T28] audit: type=1326 audit(1751312147.438:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8589 comm="syz.0.1023" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdca358e929 code=0x7ffc0000 [ 221.185926][ T8596] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 221.217865][ T28] audit: type=1326 audit(1751312147.438:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8589 comm="syz.0.1023" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdca358e929 code=0x7ffc0000 [ 221.266839][ T28] audit: type=1326 audit(1751312147.438:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8589 comm="syz.0.1023" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdca358e929 code=0x7ffc0000 [ 221.313428][ T8596] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 221.316314][ T28] audit: type=1326 audit(1751312147.438:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8589 comm="syz.0.1023" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fdca35858e7 code=0x7ffc0000 [ 221.347936][ T28] audit: type=1326 audit(1751312147.438:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8589 comm="syz.0.1023" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fdca352ab19 code=0x7ffc0000 [ 221.371149][ T28] audit: type=1326 audit(1751312147.438:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8589 comm="syz.0.1023" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fdca35858e7 code=0x7ffc0000 [ 221.487555][ T8596] EXT4-fs error (device loop0): ext4_xattr_block_find:1886: inode #15: comm syz.0.1026: corrupted xattr block 161: invalid header [ 221.533860][ T8596] EXT4-fs (loop0): Remounting filesystem read-only [ 221.617087][ T5775] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 222.205495][ T8622] loop4: detected capacity change from 0 to 1764 [ 222.625704][ T8645] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1048'. [ 222.660156][ T8645] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1048'. [ 222.669188][ T8645] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1048'. [ 222.686768][ T8645] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1048'. [ 222.696755][ T8645] netlink: 'syz.4.1048': attribute type 6 has an invalid length. [ 222.710501][ T5822] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 222.902319][ T5822] usb 6-1: Using ep0 maxpacket: 8 [ 222.916137][ T5822] usb 6-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2 [ 222.924821][ T8657] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1055'. [ 222.940102][ T5822] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 222.948319][ T5822] usb 6-1: Product: syz [ 222.968008][ T5822] usb 6-1: Manufacturer: syz [ 222.974050][ T5822] usb 6-1: SerialNumber: syz [ 222.981765][ T5822] usb 6-1: config 0 descriptor?? [ 223.218827][ T5822] gspca_main: sunplus-2.14.0 probing 04a5:3003 [ 223.232386][ T5822] gspca_sunplus: reg_w_riv err -71 [ 223.246949][ T5822] sunplus: probe of 6-1:0.0 failed with error -71 [ 223.260292][ T968] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 223.262727][ T5822] usb 6-1: USB disconnect, device number 6 [ 223.463883][ T968] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 223.492248][ T968] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 223.512599][ T968] usb 2-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00 [ 223.530080][ T968] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 223.560646][ T968] usb 2-1: config 0 descriptor?? [ 223.679092][ T8665] loop4: detected capacity change from 0 to 40427 [ 223.690197][ T8665] F2FS-fs (loop4): Small segment_count (9 < 1 * 24) [ 223.696952][ T8665] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 223.712942][ T8665] F2FS-fs (loop4): Found nat_bits in checkpoint [ 223.759689][ T8665] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 223.768722][ T8665] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 223.841377][ T7371] syz-executor: attempt to access beyond end of device [ 223.841377][ T7371] loop4: rw=2049, sector=40960, nr_sectors = 32 limit=40427 [ 223.857039][ T7371] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 223.879282][ T7371] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 223.889720][ T7371] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 223.901724][ T7371] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 224.438686][ T968] hid-led: probe of 0003:0FC5:B080.000B failed with error -71 [ 224.465680][ T968] usb 2-1: USB disconnect, device number 12 [ 224.491058][ T8677] loop5: detected capacity change from 0 to 512 [ 224.518077][ T8677] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 224.527146][ T8679] loop4: detected capacity change from 0 to 1024 [ 224.532321][ T8677] ext4 filesystem being mounted at /73/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 224.550247][ T5779] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 224.614237][ T42] hfsplus: b-tree write err: -5, ino 4 [ 224.730123][ T5779] usb 1-1: Using ep0 maxpacket: 16 [ 224.737464][ T5779] usb 1-1: config 0 interface 0 has no altsetting 0 [ 224.744575][ T5779] usb 1-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 224.765792][ T5779] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 224.784019][ T5779] usb 1-1: config 0 descriptor?? [ 224.861805][ T7957] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 225.219541][ T5779] hid (null): global environment stack overflow [ 225.247187][ T5779] hid (null): invalid report_size 18151 [ 225.260184][ T5779] hid (null): global environment stack overflow [ 225.476878][ T5779] usb 1-1: USB disconnect, device number 10 [ 225.851824][ T8709] loop4: detected capacity change from 0 to 32768 [ 225.921416][ T8709] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 226.163253][ T7371] [ 226.165669][ T7371] ====================================================== [ 226.172720][ T7371] WARNING: possible circular locking dependency detected [ 226.179775][ T7371] 6.6.95-syzkaller #0 Not tainted [ 226.184824][ T7371] ------------------------------------------------------ [ 226.191868][ T7371] syz-executor/7371 is trying to acquire lock: [ 226.198045][ T7371] ffff888077e542d8 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#5){+.+.}-{3:3}, at: __ocfs2_flush_truncate_log+0x351/0x10b0 [ 226.211328][ T7371] [ 226.211328][ T7371] but task is already holding lock: [ 226.218722][ T7371] ffff888059b5df58 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#6){+.+.}-{3:3}, at: ocfs2_flush_truncate_log+0x47/0x60 [ 226.231502][ T7371] [ 226.231502][ T7371] which lock already depends on the new lock. [ 226.231502][ T7371] [ 226.241920][ T7371] [ 226.241920][ T7371] the existing dependency chain (in reverse order) is: [ 226.250945][ T7371] [ 226.250945][ T7371] -> #1 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#6){+.+.}-{3:3}: [ 226.261493][ T7371] down_write+0x97/0x1f0 [ 226.266276][ T7371] __ocfs2_move_extents_range+0x1a65/0x3360 [ 226.272719][ T7371] ocfs2_move_extents+0x379/0x940 [ 226.278283][ T7371] ocfs2_ioctl_move_extents+0x4e1/0x6c0 [ 226.284371][ T7371] ocfs2_ioctl+0x195/0x750 [ 226.289332][ T7371] __se_sys_ioctl+0xfd/0x170 [ 226.294467][ T7371] do_syscall_64+0x55/0xb0 [ 226.299424][ T7371] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 226.305859][ T7371] [ 226.305859][ T7371] -> #0 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#5){+.+.}-{3:3}: [ 226.316393][ T7371] __lock_acquire+0x2ddb/0x7c80 [ 226.321779][ T7371] lock_acquire+0x197/0x410 [ 226.326811][ T7371] down_write+0x97/0x1f0 [ 226.331595][ T7371] __ocfs2_flush_truncate_log+0x351/0x10b0 [ 226.337940][ T7371] ocfs2_flush_truncate_log+0x4f/0x60 [ 226.343854][ T7371] ocfs2_sync_fs+0x117/0x310 [ 226.348983][ T7371] sync_filesystem+0x1c2/0x220 [ 226.354275][ T7371] generic_shutdown_super+0x6f/0x2b0 [ 226.360177][ T7371] kill_block_super+0x44/0x90 [ 226.365384][ T7371] deactivate_locked_super+0x97/0x100 [ 226.371287][ T7371] cleanup_mnt+0x429/0x4c0 [ 226.376235][ T7371] task_work_run+0x1ce/0x250 [ 226.381382][ T7371] exit_to_user_mode_loop+0xe6/0x110 [ 226.387205][ T7371] exit_to_user_mode_prepare+0xb1/0x140 [ 226.393282][ T7371] syscall_exit_to_user_mode+0x1a/0x50 [ 226.399276][ T7371] do_syscall_64+0x61/0xb0 [ 226.404228][ T7371] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 226.410661][ T7371] [ 226.410661][ T7371] other info that might help us debug this: [ 226.410661][ T7371] [ 226.420981][ T7371] Possible unsafe locking scenario: [ 226.420981][ T7371] [ 226.428435][ T7371] CPU0 CPU1 [ 226.433813][ T7371] ---- ---- [ 226.439184][ T7371] lock(&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#6); [ 226.446512][ T7371] lock(&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#5); [ 226.456358][ T7371] lock(&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#6); [ 226.466177][ T7371] lock(&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#5); [ 226.473476][ T7371] [ 226.473476][ T7371] *** DEADLOCK *** [ 226.473476][ T7371] [ 226.481620][ T7371] 2 locks held by syz-executor/7371: [ 226.486907][ T7371] #0: ffff888023b860e0 (&type->s_umount_key#57){+.+.}-{3:3}, at: deactivate_super+0xa4/0xe0 [ 226.497117][ T7371] #1: ffff888059b5df58 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#6){+.+.}-{3:3}, at: ocfs2_flush_truncate_log+0x47/0x60 [ 226.510282][ T7371] [ 226.510282][ T7371] stack backtrace: [ 226.516187][ T7371] CPU: 0 PID: 7371 Comm: syz-executor Not tainted 6.6.95-syzkaller #0 [ 226.524350][ T7371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 226.534527][ T7371] Call Trace: [ 226.537819][ T7371] [ 226.540768][ T7371] dump_stack_lvl+0x16c/0x230 [ 226.545468][ T7371] ? load_image+0x3b0/0x3b0 [ 226.549984][ T7371] ? show_regs_print_info+0x20/0x20 [ 226.555206][ T7371] ? print_circular_bug+0x12b/0x1a0 [ 226.560423][ T7371] check_noncircular+0x2bd/0x3c0 [ 226.565379][ T7371] ? print_deadlock_bug+0x5d0/0x5d0 [ 226.570601][ T7371] ? lockdep_lock+0xe0/0x220 [ 226.575208][ T7371] ? _find_first_zero_bit+0xd3/0x100 [ 226.580505][ T7371] __lock_acquire+0x2ddb/0x7c80 [ 226.585377][ T7371] ? ocfs2_get_system_file_inode+0x1e3/0x7b0 [ 226.591374][ T7371] ? __lock_acquire+0x7c80/0x7c80 [ 226.596411][ T7371] ? verify_lock_unused+0x140/0x140 [ 226.601627][ T7371] ? __mutex_unlock_slowpath+0x1a2/0x6a0 [ 226.607277][ T7371] ? do_raw_spin_lock+0x121/0x2c0 [ 226.612314][ T7371] ? mutex_unlock+0x10/0x10 [ 226.616841][ T7371] lock_acquire+0x197/0x410 [ 226.621360][ T7371] ? __ocfs2_flush_truncate_log+0x351/0x10b0 [ 226.627367][ T7371] ? ocfs2_get_system_file_inode+0x1f1/0x7b0 [ 226.633371][ T7371] ? __might_sleep+0xe0/0xe0 [ 226.637979][ T7371] ? read_lock_is_recursive+0x20/0x20 [ 226.643363][ T7371] ? ocfs2_fast_symlink_read_folio+0x530/0x530 [ 226.649533][ T7371] ? __wake_up+0x11f/0x190 [ 226.653966][ T7371] down_write+0x97/0x1f0 [ 226.658236][ T7371] ? __ocfs2_flush_truncate_log+0x351/0x10b0 [ 226.664233][ T7371] ? down_read_killable+0x340/0x340 [ 226.669447][ T7371] ? _raw_write_unlock+0x28/0x40 [ 226.674393][ T7371] ? jbd2_journal_unlock_updates+0x84/0xe0 [ 226.680249][ T7371] __ocfs2_flush_truncate_log+0x351/0x10b0 [ 226.686093][ T7371] ? ocfs2_truncate_log_needs_flush+0x2e0/0x2e0 [ 226.692352][ T7371] ? read_lock_is_recursive+0x20/0x20 [ 226.697740][ T7371] ? down_write+0x162/0x1f0 [ 226.702258][ T7371] ? down_read_killable+0x340/0x340 [ 226.707475][ T7371] ? __rwlock_init+0x150/0x150 [ 226.712258][ T7371] ocfs2_flush_truncate_log+0x4f/0x60 [ 226.717653][ T7371] ocfs2_sync_fs+0x117/0x310 [ 226.722274][ T7371] ? ocfs2_put_super+0x1c0/0x1c0 [ 226.727241][ T7371] ? writeback_inodes_sb_nr+0x30/0x30 [ 226.732649][ T7371] ? get_nr_dirty_inodes+0x1d4/0x220 [ 226.737961][ T7371] sync_filesystem+0x1c2/0x220 [ 226.742741][ T7371] generic_shutdown_super+0x6f/0x2b0 [ 226.748048][ T7371] kill_block_super+0x44/0x90 [ 226.752746][ T7371] deactivate_locked_super+0x97/0x100 [ 226.758134][ T7371] cleanup_mnt+0x429/0x4c0 [ 226.762570][ T7371] task_work_run+0x1ce/0x250 [ 226.767185][ T7371] ? task_work_cancel+0x240/0x240 [ 226.772228][ T7371] ? exit_to_user_mode_loop+0x3b/0x110 [ 226.777704][ T7371] exit_to_user_mode_loop+0xe6/0x110 [ 226.783009][ T7371] exit_to_user_mode_prepare+0xb1/0x140 [ 226.788574][ T7371] syscall_exit_to_user_mode+0x1a/0x50 [ 226.794069][ T7371] do_syscall_64+0x61/0xb0 [ 226.798508][ T7371] ? clear_bhb_loop+0x40/0x90 [ 226.803197][ T7371] ? clear_bhb_loop+0x40/0x90 [ 226.807887][ T7371] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 226.813821][ T7371] RIP: 0033:0x7f3b6358fc57 [ 226.818267][ T7371] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 226.837976][ T7371] RSP: 002b:00007ffd6ea4f0d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 226.846405][ T7371] RAX: 0000000000000000 RBX: 00007f3b63610925 RCX: 00007f3b6358fc57 [ 226.854394][ T7371] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd6ea4f190 [ 226.862374][ T7371] RBP: 00007ffd6ea4f190 R08: 0000000000000000 R09: 0000000000000000 [ 226.870362][ T7371] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd6ea50220 [ 226.878345][ T7371] R13: 00007f3b63610925 R14: 00000000000372d4 R15: 00007ffd6ea50260 [ 226.886337][ T7371] [ 226.925838][ T7371] ocfs2: Unmounting device (7,4) on (node local)